Description
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress+Microsoft Office 365/Azure AD-LOGIN Unspecified Vulnerability (11.6)
WordPress Plugin Taxonomy Converter Unspecified Vulnerability (1.1)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2022-3358)
WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Cross-Site Scripting (6.20.2)