MSA-20-0021: The participants table download feature did not respect the site's show user identity configuration

by Michael Hawkins.  

The participants table download always included user emails, but should have only done so when users' emails are not hidden.


Severity/Risk:Minor
Versions affected:3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8
Versions fixed:3.10, 3.9.3, 3.8.6 and 3.7.9
Reported by:A. Schenkel
CVE identifier:CVE-2020-25703
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69844
Tracker issue:MDL-69844 The participants table download feature did not respect the site's "show user identity" configuration

Read more https://moodle.org/mod/forum/discuss.php?d=413941&parent=1668777