CVE-2017-15110

medium

Description

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

References

https://moodle.org/mod/forum/discuss.php?d=361784

http://www.securityfocus.com/bid/101909

Details

Source: Mitre, NVD

Published: 2017-11-20

Updated: 2017-12-06

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N