GHSA-wmvq-q9h8-7j4g

Source

https://github.com/advisories/GHSA-wmvq-q9h8-7j4g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wmvq-q9h8-7j4g/GHSA-wmvq-q9h8-7j4g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wmvq-q9h8-7j4g

Aliases

CVE-2018-10889

Published

2022-05-13T01:34:55Z

Modified

2024-02-16T08:16:35.017230Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Moodle sensitive information disclosure

Details

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.

Database specific

{
    "nvd_published_at": "2018-07-10T18:29:00Z",
    "cwe_ids": [
        "CWE-532"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-21T21:38:41Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.5

Fixed

3.5.1

Affected versions

3.*

3.5

v3.*

v3.5.0-beta

v3.5.0-rc1

v3.5.0

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.4.3

Fixed

3.4.4

Affected versions

3.*

3.4.3

v3.*

v3.4.3

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.3

Fixed

3.3.7

Affected versions

v3.*

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

Database specific

{
    "last_known_affected_version_range": "<= 3.3.6"
}