CVE-2016-5014: Exposure of Sensitive Information to an Unauthorized Actor

May 13, 2022 (updated July 28, 2023)

In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

References

github.com/advisories/GHSA-c4cq-v4wp-28hg
github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b
moodle.org/mod/forum/discuss.php?d=336699
nvd.nist.gov/vuln/detail/CVE-2016-5014
web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042

Code Behaviors & Features

Detect and mitigate CVE-2016-5014 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →