Lucene search

Veracode Vulnerability DatabaseVERACODE:4644

HistoryJul 24, 2017 - 6:41 a.m.

Sensitive Information Leakage

2017-07-2406:41:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Moodle is vulnerable to sensitive information leakage. Privacy settings for the IMS-LT which includes the sendname, sendemailaddr, and acceptgrades settings are not properly enforced, allowing the transfer of personal sensitive information.

CPENameOperatorVersion
moodle/moodlele2.4.4
moodle/moodlele2.3.7
moodle/moodlele2.2.10
moodle/moodlele2.5.0

Name	Operator	Version
moodle/moodle	le	2.4.4
moodle/moodle	le	2.3.7
moodle/moodle	le	2.2.10
moodle/moodle	le	2.5.0

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40308

moodle.org/mod/forum/discuss.php?d=232497

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:4644