Description
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.
Remediation
References
Related Vulnerabilities
WordPress Plugin User Rights Access Manager Security Bypass (1.0.5)
WordPress Plugin You Shang Cross-Site Scripting (1.0.1)
OpenSSL Other Vulnerability (CVE-2002-0659)
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-0367)
Envoy Proxy Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-8660)