CVE-2017-15110
MEDIUMMoodle 3.x - Unauthorized Email Address Exposure via Participants Page Search
Title source: llmDescription
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101909
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=361784
Scores
CVSS v3
4.3
EPSS
0.0024
EPSS Percentile
46.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
moodle/moodle
< 3.0.10
moodle/moodle
3.1 - 3.1.9Packagist
n/a/Moodle 3.x
Moodle 3.x
Published
Nov 20, 2017
Tracked Since
Feb 18, 2026