CVE-2013-1832
Moodle 2.0.0-2.4.1 - Authenticated Sensitive Information Exposure via WebDAV
Title source: llmDescription
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=225343
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/03/25/2
Scores
EPSS
0.0023
EPSS Percentile
45.9%
Details
CWE
CWE-200
Status
published
Products (37)
moodle/moodle
2.0.0
moodle/moodle
2.0.1
moodle/moodle
2.0.2
moodle/moodle
2.0.3
moodle/moodle
2.0.4
moodle/moodle
2.0.5
moodle/moodle
2.0.6
moodle/moodle
2.0.7
moodle/moodle
2.0.8
moodle/moodle
2.0.9
... and 27 more
Published
Mar 25, 2013
Tracked Since
Feb 18, 2026