Lucene search

K

GoogleOSV:GHSA-PGP5-RCWP-QVFG

HistoryMay 13, 2022 - 1:12 a.m.

Moodle includes the WebDAV password in the configuration form

2022-05-1301:12:57

Google

osv.dev

4

moodle

webdav

password exposure

configuration form

remote authenticated administrators

sensitive information

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

48.7%

repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681

lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html

openwall.com/lists/oss-security/2013/03/25/2

github.com/moodle/moodle

github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727

github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8

github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32

github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190

moodle.org/mod/forum/discuss.php?d=225343

nvd.nist.gov/vuln/detail/CVE-2013-1832

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

48.7%

Related for OSV:GHSA-PGP5-RCWP-QVFG

cvelist1 cve1 prion1 veracode1 nvd1 ubuntucve1 github1 nessus2 openvas4 fedora2