Moodle 2.0.x prior to 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 2.0.2 |
||
moodle moodle 2.0.1 |
||
moodle moodle 2.0.0 |