CVE-2017-15110: Information Exposure

November 20, 2017 (updated December 6, 2017)

Students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

References

www.securityfocus.com/bid/101909
moodle.org/mod/forum/discuss.php?d=361784
nvd.nist.gov/vuln/detail/CVE-2017-15110

Code Behaviors & Features

Detect and mitigate CVE-2017-15110 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →