Information disclosure in Moodle - CVE-2018-1044

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU37618

Information disclosure in Moodle - CVE-2018-1044

Published: January 22, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37618
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1044
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.


How to mitigate CVE-2018-1044

Install update from vendor's website.

Sources