GitHub Advisory DatabaseGHSA-PGP5-RCWP-QVFGMoodle includes the WebDAV password in the configuration form
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
48.7%
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681
lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
openwall.com/lists/oss-security/2013/03/25/2
github.com/advisories/GHSA-pgp5-rcwp-qvfg
github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727
github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8
github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32
github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190
moodle.org/mod/forum/discuss.php?d=225343
nvd.nist.gov/vuln/detail/CVE-2013-1832
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
48.7%