Description

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.

Remediation

References

CVE-2018-10889

Related Vulnerabilities

WordPress Plugin Passster-Password Protection Weak Encoding (3.5.5.5.1)

WordPress Plugin WP125 Cross-Site Request Forgery (1.4.9)

MySQL CVE-2019-2910 Vulnerability (CVE-2019-2910)

WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)

Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2021-43824)

Severity

Medium

Classification

CVE-2018-10889 CWE-532 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities