MSA-17-0006: User fullname disclosure on user preferences page

by Marina Glancy.  

Some pages show full names of users as part of the permission error message even for users who do not have capability to view full names


Severity/Risk:Minor
Versions affected:3.3, 3.2 to 3.2.3, 3.1 to 3.1.6 and earlier unsupported versions
Versions fixed:3.3.1, 3.2.4 and 3.1.7
Reported by:Andreas Grabs
CVE identifier:CVE-2017-2642
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56565
Tracker issue:MDL-56565 User fullname disclosure on user preferences page

Read more https://moodle.org/mod/forum/discuss.php?d=355554&parent=1434234