CVE-2016-2190: Insertion of Sensitive Information into Log File

May 22, 2016 (updated September 7, 2017)

Moodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.

References

moodle.org/mod/forum/discuss.php?d=330181
nvd.nist.gov/vuln/detail/CVE-2016-2190

Code Behaviors & Features

Detect and mitigate CVE-2016-2190 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →