Description
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.
Remediation
References
Related Vulnerabilities
Internet Information Services Improper Authentication Vulnerability (CVE-2009-1122)
PleskWin Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4878)
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2101)
Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)