The participants table download always included user emails, but should have only done so when users' emails are not hidden.
Severity/Risk: | Minor |
Versions affected: | 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8 |
Versions fixed: | 3.10, 3.9.3, 3.8.6 and 3.7.9 |
Reported by: | A. Schenkel |
CVE identifier: | CVE-2020-25703 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69844 |
Tracker issue: | MDL-69844 The participants table download feature did not respect the site's "show user identity" configuration |