Security announcements

MSA-18-0014: Privacy data exports include log data

 
Picture of Michael Hawkins
MSA-18-0014: Privacy data exports include log data
 

No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester. Note this may be a serious privacy consideration for sites processing data exports.


Severity/Risk: Minor
Versions affected: 3.5, 3.4.3, 3.3 to 3.3.6
Versions fixed: 3.5.1, 3.4.4, 3.3.7
Reported by: Ralf Hilgenstock
CVE identifier: CVE-2018-10889
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62616
Tracker issue: MDL-62616 Privacy data exports include log data