CVE-2021-20281

Summary

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Affected Software

VendorProductVersion RangeStatus
n/amoodleFixed in 3.10.2, 3.9.5, 3.8.8, 3.5.17affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References