CVE-2021-32477: 
PHP vulnerability analysis and mitigation

The vulnerability (CVE-2021-32477) affects Moodle versions 3.10 to 3.10.3, where the last mobile app access time is displayed on user profile pages without proper access control. This information should be restricted to users with relevant capabilities, typically site administrators by default. The vulnerability was discovered by Strifel and disclosed on May 17, 2021 (Moodle Forum).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, has unchanged scope, and only impacts confidentiality at a low level (NVD).

The vulnerability allows unauthorized users to view sensitive information about when other users last accessed the mobile app through their profile pages. This represents a privacy concern as this information should only be accessible to site administrators (Moodle Forum).

The vulnerability has been fixed in Moodle versions 3.11 and 3.10.4. Users running affected versions should upgrade to these or later versions to resolve the issue (Moodle Forum).