CVE-2011-4583

2012-07-2010:40:35

CWE-264

redhat

web.nvd.nist.gov

moodle

cve-2011-4583

web service

token

unauthorized access

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.

Affected configurations

Nvd

Node

moodlemoodleMatch2.1.0

moodlemoodleMatch2.1.1

moodlemoodleMatch2.1.2

Node

moodlemoodleMatch2.0.0

moodlemoodleMatch2.0.1

moodlemoodleMatch2.0.2

moodlemoodleMatch2.0.3

moodlemoodleMatch2.0.4

moodlemoodleMatch2.0.5

VendorProductVersionCPE
moodlemoodle2.1.0cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
moodlemoodle2.1.1cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
moodlemoodle2.1.2cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
moodlemoodle2.0.0cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
moodlemoodle2.0.1cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
moodlemoodle2.0.2cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
moodlemoodle2.0.3cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
moodlemoodle2.0.4cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
moodlemoodle2.0.5cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	2.1.0	cpe:2.3:a:moodle:moodle:2.1.0:::::::*
moodle	moodle	2.1.1	cpe:2.3:a:moodle:moodle:2.1.1:::::::*
moodle	moodle	2.1.2	cpe:2.3:a:moodle:moodle:2.1.2:::::::*
moodle	moodle	2.0.0	cpe:2.3:a:moodle:moodle:2.0.0:::::::*
moodle	moodle	2.0.1	cpe:2.3:a:moodle:moodle:2.0.1:::::::*
moodle	moodle	2.0.2	cpe:2.3:a:moodle:moodle:2.0.2:::::::*
moodle	moodle	2.0.3	cpe:2.3:a:moodle:moodle:2.0.3:::::::*
moodle	moodle	2.0.4	cpe:2.3:a:moodle:moodle:2.0.4:::::::*
moodle	moodle	2.0.5	cpe:2.3:a:moodle:moodle:2.0.5:::::::*