Moodle.org: MSA-17-0006: User fullname disclosure on user preferences page

Security announcements

MSA-17-0006: User fullname disclosure on user preferences page

Some pages show full names of users as part of the permission error message even for users who do not have capability to view full names

Severity/Risk:	Minor
Versions affected:	3.3, 3.2 to 3.2.3, 3.1 to 3.1.6 and earlier unsupported versions
Versions fixed:	3.3.1, 3.2.4 and 3.1.7
Reported by:	Andreas Grabs
CVE identifier:	CVE-2017-2642
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56565
Tracker issue:	MDL-56565 User fullname disclosure on user preferences page