Description: | Name of the inaccessible forum or forum discussion could be disclosed as part of the error message on the subscription page |
Issue summary: | Information disclosure of hidden forum names and sub-names. |
Severity/Risk: | Minor |
Versions affected: | 3.0 to 3.0.3, 2.9 to 2.9.5 and 2.8 to 2.8.11 |
Versions fixed: | 3.0.4, 2.9.6 and 2.8.12 |
Reported by: | Callum Carney |
Issue no.: | MDL-53696 |
CVE identifier: | CVE-2016-3731 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53696 |
MSA-16-0015: Information disclosure of hidden forum names and sub-names.
by Marina Glancy -
Number of replies: 0