CVE-2018-10889

Description

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

Unknown / moodlemoodle 3.5.1 – moodle 3.5.1
Unknown / moodlemoodle 3.4.4 – moodle 3.4.4
Unknown / moodlemoodle 3.3.7 – moodle 3.3.7

References

MISChttp://www.securityfocus.com/bid/104733
MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889
MISChttps://moodle.org/mod/forum/discuss.php?d=373369