User Privacy Breach: Unauthorized Access to Full Names in Moodle

User Privacy Breach: Unauthorized Access to Full Names in Moodle

CVE-2021-20281 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Learn more about our User Device Pen Test.