Vulnerability Description
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.
CVSS Score
4.3
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.3.0, < 3.3.7 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104733Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889Issue TrackingPatchThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=373369PatchVendor Advisory
- http://www.securityfocus.com/bid/104733Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889Issue TrackingPatchThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=373369PatchVendor Advisory
FAQ
What is CVE-2018-10889?
CVE-2018-10889 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.
How severe is CVE-2018-10889?
CVE-2018-10889 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10889?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.