Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jN3Y0LW0yNjktNDk5Nc0Wow

Exposure of Sensitive Information to an Unauthorized Actor in Moodle

The participants table download in Moodle always included user emails, but should have done so only when users' emails were not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in Moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.

Permalink: https://github.com/advisories/GHSA-c7v4-m269-4995
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jN3Y0LW0yNjktNDk5Nc0Wow
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 4 months ago


CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-c7v4-m269-4995, CVE-2020-25703
References:

Affected Packages

packagist:moodle/moodle
Versions: >= 3.10.0-beta, < 3.10.0; >= 3.7.0, < 3.7.9; >= 3.8.0, < 3.8.6; >= 3.9.0, < 3.9.3
Fixed in: 3.10.0, 3.7.9, 3.8.6, 3.9.3