Description

The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.

Remediation

References

CVE-2014-0124

Related Vulnerabilities

Atlassian Jira CVE-2019-8448 Vulnerability (CVE-2019-8448)

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions PHAR Deserialization (2.7.7)

WordPress Plugin Download Manager PHAR Deserialization (3.2.49)

MySQL Insufficiently Protected Credentials Vulnerability (CVE-2012-5627)

MySQL CVE-2021-2002 Vulnerability (CVE-2021-2002)

Severity

Medium

Classification

CVE-2014-0124 CWE-264

Tags

Missing Update Known Vulnerabilities