CVE-2014-0124 | Vulnerability Database | Aqua Security

The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	*	2.3.11 (including)
Moodle	Moodle	2.0.0 (including)	2.0.0 (including)
Moodle	Moodle	2.0.1 (including)	2.0.1 (including)
Moodle	Moodle	2.0.2 (including)	2.0.2 (including)
Moodle	Moodle	2.0.3 (including)	2.0.3 (including)
Moodle	Moodle	2.0.4 (including)	2.0.4 (including)
Moodle	Moodle	2.0.5 (including)	2.0.5 (including)
Moodle	Moodle	2.0.6 (including)	2.0.6 (including)
Moodle	Moodle	2.0.7 (including)	2.0.7 (including)
Moodle	Moodle	2.0.8 (including)	2.0.8 (including)
Moodle	Moodle	2.0.9 (including)	2.0.9 (including)
Moodle	Moodle	2.1.0 (including)	2.1.0 (including)
Moodle	Moodle	2.1.1 (including)	2.1.1 (including)
Moodle	Moodle	2.1.2 (including)	2.1.2 (including)
Moodle	Moodle	2.1.3 (including)	2.1.3 (including)
Moodle	Moodle	2.1.4 (including)	2.1.4 (including)
Moodle	Moodle	2.1.5 (including)	2.1.5 (including)
Moodle	Moodle	2.1.6 (including)	2.1.6 (including)
Moodle	Moodle	2.1.7 (including)	2.1.7 (including)
Moodle	Moodle	2.1.8 (including)	2.1.8 (including)
Moodle	Moodle	2.1.9 (including)	2.1.9 (including)
Moodle	Moodle	2.1.10 (including)	2.1.10 (including)
Moodle	Moodle	2.2.0 (including)	2.2.0 (including)
Moodle	Moodle	2.2.1 (including)	2.2.1 (including)
Moodle	Moodle	2.2.2 (including)	2.2.2 (including)
Moodle	Moodle	2.2.3 (including)	2.2.3 (including)
Moodle	Moodle	2.2.4 (including)	2.2.4 (including)
Moodle	Moodle	2.2.5 (including)	2.2.5 (including)
Moodle	Moodle	2.2.6 (including)	2.2.6 (including)
Moodle	Moodle	2.2.7 (including)	2.2.7 (including)
Moodle	Moodle	2.2.8 (including)	2.2.8 (including)
Moodle	Moodle	2.2.9 (including)	2.2.9 (including)
Moodle	Moodle	2.2.10 (including)	2.2.10 (including)
Moodle	Moodle	2.2.11 (including)	2.2.11 (including)
Moodle	Moodle	2.3.0 (including)	2.3.0 (including)
Moodle	Moodle	2.3.1 (including)	2.3.1 (including)
Moodle	Moodle	2.3.2 (including)	2.3.2 (including)
Moodle	Moodle	2.3.3 (including)	2.3.3 (including)
Moodle	Moodle	2.3.4 (including)	2.3.4 (including)
Moodle	Moodle	2.3.5 (including)	2.3.5 (including)
Moodle	Moodle	2.3.6 (including)	2.3.6 (including)
Moodle	Moodle	2.3.7 (including)	2.3.7 (including)
Moodle	Moodle	2.3.8 (including)	2.3.8 (including)
Moodle	Moodle	2.3.9 (including)	2.3.9 (including)
Moodle	Moodle	2.3.10 (including)	2.3.10 (including)
Moodle	Moodle	2.4.0 (including)	2.4.0 (including)
Moodle	Moodle	2.4.1 (including)	2.4.1 (including)
Moodle	Moodle	2.4.2 (including)	2.4.2 (including)
Moodle	Moodle	2.4.3 (including)	2.4.3 (including)
Moodle	Moodle	2.4.4 (including)	2.4.4 (including)
Moodle	Moodle	2.4.5 (including)	2.4.5 (including)
Moodle	Moodle	2.4.6 (including)	2.4.6 (including)
Moodle	Moodle	2.4.7 (including)	2.4.7 (including)
Moodle	Moodle	2.4.8 (including)	2.4.8 (including)
Moodle	Moodle	2.5.0 (including)	2.5.0 (including)
Moodle	Moodle	2.5.1 (including)	2.5.1 (including)
Moodle	Moodle	2.5.2 (including)	2.5.2 (including)
Moodle	Moodle	2.5.3 (including)	2.5.3 (including)
Moodle	Moodle	2.5.4 (including)	2.5.4 (including)
Moodle	Moodle	2.6.0 (including)	2.6.0 (including)
Moodle	Moodle	2.6.1 (including)	2.6.1 (including)
Moodle	Ubuntu	artful	*
Moodle	Ubuntu	lucid	*
Moodle	Ubuntu	precise	*
Moodle	Ubuntu	quantal	*
Moodle	Ubuntu	saucy	*
Moodle	Ubuntu	trusty	*
Moodle	Ubuntu	upstream	*
Moodle	Ubuntu	utopic	*
Moodle	Ubuntu	vivid	*
Moodle	Ubuntu	wily	*
Moodle	Ubuntu	yakkety	*
Moodle	Ubuntu	zesty	*

References

http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-43916
http://openwall.com/lists/oss-security/2014/03/17/1
https://moodle.org/mod/forum/discuss.php?d=256421

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0124
CWE	https://cwe.mitre.org/data/definitions/264.html