Security Announcements

My ugly mug
MSA-12-0056: Information leak in drag-and-drop
Topic: Information disclosure in yui_combo.php
Severity/Risk: Minor
Versions affected: 2.3 to 2.3.1+
Reported by: Mark Baseggio
Issue no.: MDL-35168

CVE Identifier:

Changes (master):


The drag-and-drop script was responding to bad requests with information that included the full path to scripts on the server.