Description

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.

Remediation

References

CVE-2018-10889

Related Vulnerabilities

Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)

Django Improper Access Control Vulnerability (CVE-2016-2048)

WordPress Plugin Tutor LMS-eLearning and online course solution Insecure Direct Object Reference (2.7.0)

WordPress Plugin Duplicate Post Cross-Site Scripting (2.6)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2607)

Severity

Medium

Classification

CVE-2018-10889 CWE-532 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities