Description

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.

Remediation

References

CVE-2018-10889

Related Vulnerabilities

WordPress Plugin Simple Membership Cross-Site Scripting (3.5.6)

WordPress Plugin YITH Advanced Refund System for WooCommerce Security Bypass (1.0.10)

WordPress Plugin Ruben Boelinger wordTube 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43)

WordPress Plugin WP Print Friendly Security Bypass (0.5.2)

WordPress 4.3.x Cross-Site Scripting Vulnerability (4.3 - 4.3.3)

Severity

Medium

Classification

CVE-2018-10889 CWE-532 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities