CVE-2021-20281
N/A
N/A
Summary
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | moodle | Fixed in 3.10.2, 3.9.5, 3.8.8, 3.5.17 | affected |
Weaknesses
- CWE-200: CWE-200
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939041
- https://moodle.org/mod/forum/discuss.php?d=419652
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939041
- https://moodle.org/mod/forum/discuss.php?d=419652
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.