Security Announcements

 
 
My ugly mug
MSA-12-0056: Information leak in drag-and-drop
 
Topic: Information disclosure in yui_combo.php
Severity/Risk: Minor
Versions affected: 2.3 to 2.3.1+
Reported by: Mark Baseggio
Issue no.: MDL-35168

CVE Identifier:

CVE-2012-4403
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168

Description:

The drag-and-drop script was responding to bad requests with information that included the full path to scripts on the server.