MSA-18-0014: Privacy data exports include log data

by Michael Hawkins.  

No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester. Note this may be a serious privacy consideration for sites processing data exports.


Severity/Risk:Minor
Versions affected:3.5, 3.4.3, 3.3 to 3.3.6
Versions fixed:3.5.1, 3.4.4, 3.3.7
Reported by:Ralf Hilgenstock
CVE identifier:CVE-2018-10889
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62616
Tracker issue:MDL-62616 Privacy data exports include log data

Read more https://moodle.org/mod/forum/discuss.php?d=373369&parent=1505292