Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 639712 (CVE-2017-15110)

Summary: <www-apps/moodle-{3.1.10, 3.2.7, 3.3.4, 3.4.1}: Information disclosure vulnerability
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: blueness, web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-12-04 02:08:15 UTC 
CVE-2017-15110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15110):
  In Moodle 3.x, students can find out email addresses of other students in
  the same course. Using search on the Participants page, students could
  search email addresses of all participants regardless of email visibility.
  This allows enumerating and guessing emails of other students.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-01-25 21:29:16 UTC 
Latest unstable ebuilds are not vulnerable as verified with upstream advistory.  Not digging through Git logs.