{"api_version":"1","generated_at":"2026-05-06T17:05:24+00:00","cve":"CVE-2018-10889","urls":{"html":"https://cve.report/CVE-2018-10889","api":"https://cve.report/api/cve/CVE-2018-10889.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-10889","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-10889"},"summary":{"title":"CVE-2018-10889","description":"A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2018-07-10 18:29:00","updated_at":"2019-10-09 23:33:00"},"problem_types":["CWE-532"],"metrics":[],"references":[{"url":"https://moodle.org/mod/forum/discuss.php?d=373369","name":"https://moodle.org/mod/forum/discuss.php?d=373369","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Moodle.org: MSA-18-0014: Privacy data exports include log data","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104733","name":"104733","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1599799 – (CVE-2018-10889) CVE-2018-10889 moodle: Privacy data exports include log data","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-10889","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10889","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"10889","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10889","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2018-10889","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"moodle","version":{"version_data":[{"version_value":"moodle 3.5.1"},{"version_value":"moodle 3.4.4"},{"version_value":"moodle 3.3.7"}]}}]},"vendor_name":"[UNKNOWN]"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester."}]},"impact":{"cvss":[[{"vectorString":"4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.0"}]]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-532"}]}]},"references":{"reference_data":[{"name":"104733","refsource":"BID","url":"http://www.securityfocus.com/bid/104733"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10889"},{"name":"https://moodle.org/mod/forum/discuss.php?d=373369","refsource":"CONFIRM","url":"https://moodle.org/mod/forum/discuss.php?d=373369"}]}},"nvd":{"publishedDate":"2018-07-10 18:29:00","lastModifiedDate":"2019-10-09 23:33:00","problem_types":["CWE-532"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"10889","Ordinal":"127341","Title":"CVE-2018-10889","CVE":"CVE-2018-10889","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"10889","Ordinal":"1","NoteData":"A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"10889","Ordinal":"2","NoteData":"2018-07-10","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"10889","Ordinal":"3","NoteData":"2018-07-16","Type":"Other","Title":"Modified"}]}}}