Steven Spinelli

**Name of the Vulnerable Software and Affected Versions** Mahara versions 17.04 through 17.04.7 Mahara versions 17.10 through 17.10.4 Mahara versions 18.04 through 18.04.0 **Description** The issue allows the mentioning of usernames that are already taken by people registered in the system, rather than masking that information. **Recommendations** For Mahara versions 17.04 through 17.04.7, update to version 17.04.8 to resolve the issue. For Mahara versions 17.10 through 17.10.4, update to version 17.10.5 to resolve the issue. For Mahara versions 18.04 through 18.04.0, update to version 18.04.1 to resolve the issue.