Description

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Remediation

References

CVE-2021-20281

Related Vulnerabilities

SharePoint CVE-2020-17016 Vulnerability (CVE-2020-17016)

Magento Improper Authorization Vulnerability (CVE-2020-24404)

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Cross-Site Scripting (1.5.5)

WordPress Other Vulnerability (CVE-2005-4463)

WordPress Plugin WP Source Control Directory Traversal (3.0.0)

Severity

Medium

Classification

CVE-2021-20281 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities