Security announcements

MSA-14-0044: Hardware path disclosed in the error message

 
Picture of Marina Glancy
MSA-14-0044: Hardware path disclosed in the error message
 
Description: By directly accessing an internal file, an unauthenticated user can be shown an error message containing the file system path of the Moodle install.
Issue summary: PHPunit: lib/phpunit/bootstrap.php leaks system info
Severity/Risk: Minor
Versions affected: 2.7 to 2.7.2, 2.6 to 2.6.5
Versions fixed: 2.8, 2.7.3 and 2.6.6
Reported by: Sam Marshall
Issue no.: MDL-47287
Workaround: Prevent web access to this file in web server directives
CVE identifier: CVE-2014-7848
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47287