Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 639712 (CVE-2017-15110) - <www-apps/moodle-{3.1.10, 3.2.7, 3.3.4, 3.4.1}: Information disclosure vulnerability
Summary: <www-apps/moodle-{3.1.10, 3.2.7, 3.3.4, 3.4.1}: Information disclosure vulner...
Status: RESOLVED FIXED
Alias: CVE-2017-15110
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-04 02:08 UTC by GLSAMaker/CVETool Bot
Modified: 2018-01-25 21:29 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-12-04 02:08:15 UTC
CVE-2017-15110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15110):
  In Moodle 3.x, students can find out email addresses of other students in
  the same course. Using search on the Participants page, students could
  search email addresses of all participants regardless of email visibility.
  This allows enumerating and guessing emails of other students.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-01-25 21:29:16 UTC
Latest unstable ebuilds are not vulnerable as verified with upstream advistory.  Not digging through Git logs.