MSA-17-0006: User fullname disclosure on user preferences page
Some pages show full names of users as part of the permission error message even for users who do not have capability to view full names
| Severity/Risk: | Minor |
| Versions affected: | 3.3, 3.2 to 3.2.3, 3.1 to 3.1.6 and earlier unsupported versions |
| Versions fixed: | 3.3.1, 3.2.4 and 3.1.7 |
| Reported by: | Andreas Grabs |
| CVE identifier: | CVE-2017-2642 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56565 |
| Tracker issue: | MDL-56565 User fullname disclosure on user preferences page |