Description
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-3743 | The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module. |
Github GHSA |
GHSA-fc5p-vj3h-x7g4 | Moodle allows attackers to obtain sensitive information |
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T09:05:39.001Z
Reserved: 2013-12-03T00:00:00.000Z
Link: CVE-2014-0124
No data.
Status : Modified
Published: 2014-03-24T14:20:39.387
Modified: 2026-06-17T00:02:20.467
Link: CVE-2014-0124
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD
Github GHSA