vulnerability
Moodle: Information Exposure (CVE-2020-25703)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Nov 19, 2020 | Dec 3, 2020 | Mar 7, 2024 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Nov 19, 2020
Added
Dec 3, 2020
Modified
Mar 7, 2024
Description
The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.
Solution
moodle-upgrade-latest
References
- CVE-2020-25703
- https://attackerkb.com/topics/CVE-2020-25703
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1895439
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
- URL-https://moodle.org/mod/forum/discuss.php?d=413941
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.