Description

The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.

Remediation

References

CVE-2014-0124

Related Vulnerabilities

Jenkins Missing Authorization Vulnerability (CVE-2021-21687)

Dotclear Improper Authentication Vulnerability (CVE-2014-3781)

WordPress Plugin Zingiri Web Shop Cross-Site Scripting (2.4.2)

WordPress Plugin Read and Understood Multiple Vulnerabilities (2.1)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17303)

Severity

Medium

Classification

CVE-2014-0124 CWE-264

Tags

Missing Update Known Vulnerabilities