Lucene search
GoogleOSV:GHSA-C7V4-M269-4995HistoryOct 21, 2021 - 5:49 p.m.
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
2021-10-2117:49:08
Google
osv.dev
17
sensitive information
unauthorized actor
moodle
user emails
versions affected
software bug
data privacy
security vulnerability
EPSS
0.002
Percentile
55.9%
The participants table download in Moodle always included user emails, but should have only done so when users’ emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.
References
bugzilla.redhat.com/show_bug.cgi?id=1895439
github.com/moodle/moodle
lists.fedoraproject.org/archives/list/[email protected]/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU
lists.fedoraproject.org/archives/list/[email protected]/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6
moodle.org/mod/forum/discuss.php?d=413941
nvd.nist.gov/vuln/detail/CVE-2020-25703
Related
cvelist
cvelist
CVE-2020-25703
2020-11-19 16:13:35
prion
prion
Code injection
2020-11-19 17:15:00
openvas
openvas
Moodle 3.7.x < 3.7.9, 3.8.x < 3.8.6, 3.9.x < 3.9.3 Information Disclosure Vulnerability
2020-11-27 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2020-304aa2c365)
2020-11-28 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2020-db73e37548)
2020-11-28 00:00:00
veracode
veracode
Information Disclosure
2020-11-20 04:44:08
osv
osv
BIT-moodle-2020-25703
2024-03-06 11:11:25
CVE-2020-25703
2020-11-19 17:15:13
nvd
nvd
CVE-2020-25703
2020-11-19 17:15:13
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
2021-10-21 17:49:08
cve
cve
CVE-2020-25703
2020-11-19 17:15:13
ubuntucve
ubuntucve
CVE-2020-25703
2020-11-19 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: moodle-3.9.3-1.fc33
2020-11-28 02:04:40
[SECURITY] Fedora 32 Update: moodle-3.8.6-1.fc32
2020-11-28 02:10:53
nessus
nessus
Fedora 32 : moodle (2020-db73e37548)
2020-11-30 00:00:00
Fedora 33 : moodle (2020-304aa2c365)
2020-11-30 00:00:00