Description: | Users who had not yet posted the required answer in a Q&A forum in order to access past posts were able to see the name of the last person who had posted. |
Issue summary: | Other authors are visible in /mod/forum/view.php before student has posted their own answer. |
Severity/Risk: | Minor |
Versions affected: | 2.7 to 2.7.1, 2.6 to 2.6.4, 2.5 to 2.5.7 and earlier unsupported versions |
Versions fixed: | 2.7.2, 2.6.5 and 2.5.8 |
Reported by: | Amanda Doughty |
Issue no.: | MDL-46619 |
CVE identifier: | CVE-2014-3617 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619 |
MSA-14-0034: Identity information revealed early in Q&A forum
by Michael de Raadt -
Number of replies: 0