Security Announcements

MSA-11-0054: Personal information leak

 
 
My ugly mug
MSA-11-0054: Personal information leak
 
Topic: When you send a message with user/action_redir you can see the emails although you had selected to hide to all
Severity: Minor
Versions affected: 2.1 to 2.1.2+, 2.0 to 2.0.5+, 1.9 to 1.9.14+
Reported by: Fernando Graells
Issue no.: MDL-20627
Changes (master): http://git.moodle.org/gw?p=moodle.git;a=commit;h=e94113a859015a4a80b9397957b8fc4044e2951f

Description:

A user's email address was being revealed through the messaging interface, even when it should have been hidden.