PT-2020-16165 · Moodle+1 · Moodle+1

A. Schenkel

Published

2020-11-08

Updated

2024-03-06

CVE-2020-25703

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Moodle versions 3.7 through 3.7.8 Moodle versions 3.8 through 3.8.5 Moodle versions 3.9 through 3.9.2

Description The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. This issue was fixed in Moodle versions 3.9.3, 3.8.6, 3.7.9, and 3.10.

Recommendations For Moodle versions 3.7 through 3.7.8, update to version 3.7.9 or later. For Moodle versions 3.8 through 3.8.5, update to version 3.8.6 or later. For Moodle versions 3.9 through 3.9.2, update to version 3.9.3 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-201CWE-200

Related Identifiers

ALT-PU-2020-3235

ALT-PU-2020-3289

ALT-PU-2022-1641

BIT-MOODLE-2020-25703

CVE-2020-25703

GHSA-C7V4-M269-4995

Affected Products

Alt Linux

Moodle

PT-2020-16165 · Moodle+1 · Moodle+1

CVE-2020-25703

Weakness Enumeration

Related Identifiers

Affected Products

References · 15