Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2017-15110

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

  • Published: Nov 20, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-15110
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
moodle / moodle - 3.0.10.x
moodle / moodle 3.3 3.3.2.x
moodle / moodle 3.2 3.2.5.x
moodle / moodle 3.1 3.1.8.x