CVE-2010-1617

Priority
Description
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not
properly check a role, which allows remote authenticated users to obtain
the full names of other users via the course profile page.
References
Notes
 kees> MSA-10-0003 http://tracker.moodle.org/browse/MDL-21830
Package
Upstream:released (1.9.8)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.9.9.dfsg2-2)
Patches:
Upstream:http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29
More Information

Updated: 2018-09-26 06:51:49 UTC (commit 2c85db1cbbe986be0a0659e41e8f961058e5adca)