Information Exposure Affecting moodle/moodle package, versions <2.7.13>=2.8.0, <2.8.11>=2.9.0, <2.9.5>=3.0.0, <3.0.3


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.15% (53rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PHP-MOODLEMOODLE-6209247
  • published29 Jan 2024
  • disclosed13 May 2022
  • creditMatt Jenner

Introduced: 13 May 2022

CVE-2016-2151  (opens in a new tab)
CWE-200  (opens in a new tab)

How to fix?

Upgrade moodle/moodle to version 2.7.13, 2.8.11, 2.9.5, 3.0.3 or higher.

Overview

moodle/moodle is a learning platform.

Affected versions of this package are vulnerable to Information Exposure due to improper authorization checks in the user/index.php endpoint. An attacker can discover student email addresses by leveraging the teacher role and reading a Participants list.