Sensitive Information Leakage

2017-07-2007:58:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.002

Percentile

54.7%

JSON

Moodle is vulnerable to sensitive information leakage. The vulnerability can happen because it does not properly check permission for files access when files are embedded by the HTML block and the blocks are hidden.

References

git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d

git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d

openwall.com/lists/oss-security/2012/07/17/1

secunia.com/advisories/49890

www.securityfocus.com/bid/54481

exchange.xforce.ibmcloud.com/vulnerabilities/76956