Moodle · Moodle · CVE-2017-15110
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 3.x
**Description**
The issue allows students to discover email addresses of other students in the same course by using the search function on the Participants page, regardless of the email visibility settings. This enables students to enumerate and guess emails of their peers.
**Recommendations**
For Moodle versions 3.x, restrict access to the Participants page search function to minimize the risk of email address enumeration. Consider implementing additional privacy settings to control the visibility of email addresses for course participants.