CVE-2011-4583
Moodle 2.0.x-2.0.6 and 2.1.x-2.1.3 - Authenticated Information Disclosure via Web Service Tokens
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
References (3)
Patch, Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=191750
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=761248
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1
Scores
EPSS
0.0041
EPSS Percentile
61.3%
Details
CWE
CWE-264
Status
published
Products (9)
moodle/moodle 2.1.0
moodle/moodle 2.1.1
moodle/moodle 2.1.2
moodle/moodle 2.0.0
moodle/moodle 2.0.1
moodle/moodle 2.0.2
moodle/moodle 2.0.3
moodle/moodle 2.0.4
moodle/moodle 2.0.5
Published
Jul 20, 2012
Tracked Since
Feb 18, 2026