Inclusion of Sensitive Information in Log Files in Moodle - CVE-2018-10889

 


Published: July 10, 2018 / Updated: July 17, 2020


Vulnerability identifier: #VU31272
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-10889
CWE-ID: CWE-532
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software: Moodle

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

A flaw was found in Moodle before versions 3.5.1, 3.4.4 and 3.3.7. No option existed to omit logs from data privacy exports, and those logs may contain details of other users who interacted with the requester.


How to mitigate CVE-2018-10889

Install the update from the vendor's website.
