Information disclosure in Moodle - CVE-2017-12157
Published: September 18, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU38276
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12157
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: moodle.org
Affected software:
Moodle
Moodle
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
How to mitigate CVE-2017-12157
Install update from vendor's website.