Lucene search

K

Ubuntu.comUB:CVE-2014-0008

HistoryJan 20, 2014 - 12:00 a.m.

CVE-2014-0008

2014-01-2000:00:00

ubuntu.com

ubuntu.com

8

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.0%

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before
2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote
authenticated administrators to obtain sensitive information by reading the
Config Changes Report.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721

openwall.com/lists/oss-security/2014/01/20/1

launchpad.net/bugs/cve/CVE-2014-0008

moodle.org/mod/forum/discuss.php?d=252414

nvd.nist.gov/vuln/detail/CVE-2014-0008

security-tracker.debian.org/tracker/CVE-2014-0008

www.cve.org/CVERecord?id=CVE-2014-0008

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.0%

Related for UB:CVE-2014-0008

cvelist1 cve1 prion1 veracode1 nvd1 mageia1 nessus3 fedora11 openvas14