Information Leakage

2017-07-2108:02:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

41.9%

JSON

Moodle is vulnerable to information leakage. When RSS tokens are used to impersonate another user, rss/file.php shows a rss feed error shows block information of the impersonated user.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818

git.moodle.org/gw?p=moodle.git;a=commit;h=e73cb1acb8215b8c3cccf2dfb20ca2deb43bea69

moodle.org/mod/forum/discuss.php?d=232502

EPSS

0.001

Percentile

41.9%

JSON

Related for VERACODE:4627