CVE-2017-15110

{"id": "CVE-2017-15110", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2017-11-20T14:29:00.247", "references": [{"url": "http://www.securityfocus.com/bid/101909", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=361784", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students."}, {"lang": "es", "value": "En las versiones 3.x de Moodle, los estudiantes pueden averiguar las direcciones de correo electr\u00f3nico de otros estudiantes en el mismo curso. Empleando la b\u00fasqueda en la p\u00e1gina Participants, los estudiantes podr\u00edan buscar las direcciones de correo electr\u00f3nico de todos los participantes, independientemente de la visibilidad del correo electr\u00f3nico. Esto permite la enumeraci\u00f3n y la adivinaci\u00f3n de correos electr\u00f3nicos de otros estudiantes."}], "lastModified": "2017-12-06T14:27:22.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEE2C318-E06D-4270-836A-48F07562EE3A", "versionEndIncluding": "3.0.10"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83BC3C5B-EDCF-4838-B271-715E37F4ED3D", "versionEndIncluding": "3.1.8", "versionStartIncluding": "3.1"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7325E47-944C-4D40-B679-28CD6EDD64BF", "versionEndIncluding": "3.2.5", "versionStartIncluding": "3.2"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6303BBDF-8425-4BA5-981A-0553CAA88106", "versionEndIncluding": "3.3.2", "versionStartIncluding": "3.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}