Data Privacy Vulnerability in Moodle by Moodle HQ
CVE-2018-10889

4.3MEDIUM

Key Information:

Vendor: [unknown]
Status: Moodle
Vendor: CVE Published:; 10 July 2018

What is CVE-2018-10889?

A data privacy issue was identified in Moodle versions prior to 3.5.1, 3.4.4, and 3.3.7. The vulnerability arises from the lack of an option to omit logs when exporting data for privacy, potentially exposing sensitive details of users who have interacted with the requestor. This flaw could inadvertently reveal personal information during data exports, compromising user privacy and security.

Affected Version(s)

moodle moodle 3.5.1

moodle moodle 3.4.4

moodle moodle 3.3.7

References

http://www.securityfocus.com/bid/104733

vdb-entryx_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889

x_refsource_CONFIRM

https://moodle.org/mod/forum/discuss.php?d=373369

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2018
Vulnerability Reserved
May 9, 2018

[unknown]

What is CVE-2018-10889?

Affected Version(s)

References

CVSS V3.1

Timeline