PT-2014-3485 · Moodle · Moodle

Maria Torres

Published

2014-03-22

Updated

2022-05-13

CVE-2014-0124

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Moodle versions prior to 2.3.11 Moodle versions 2.4.x before 2.4.9 Moodle versions 2.5.x before 2.5.5 Moodle versions 2.6.x before 2.6.2

Description The issue concerns the improper restriction of email address display in certain modules. Remote authenticated users can exploit this to obtain sensitive information by utilizing the Forum or Quiz module.

Recommendations For versions prior to 2.3.11, update to version 2.3.11 or later. For versions 2.4.x before 2.4.9, update to version 2.4.9 or later. For versions 2.5.x before 2.5.5, update to version 2.5.5 or later. For versions 2.6.x before 2.6.2, update to version 2.6.2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-0124

GHSA-FC5P-VJ3H-X7G4

MGASA-2014-0160

Affected Products

Moodle

PT-2014-3485 · Moodle · Moodle

CVE-2014-0124

Weakness Enumeration

Related Identifiers

Affected Products

References · 22