Description
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.
Remediation
References
Related Vulnerabilities
WordPress Plugin Galleries by Angie Makes Cross-Site Scripting (1.67)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4284)
Jenkins Cryptographic Issues Vulnerability (CVE-2014-2061)
Python Use After Free Vulnerability (CVE-2018-1000030)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4283)