GHSA-pgp5-rcwp-qvfg

Source

https://github.com/advisories/GHSA-pgp5-rcwp-qvfg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pgp5-rcwp-qvfg/GHSA-pgp5-rcwp-qvfg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pgp5-rcwp-qvfg

Aliases

CVE-2013-1832

Published

2022-05-13T01:12:57Z

Modified

2024-12-05T05:34:51.641259Z

Summary

Moodle includes the WebDAV password in the configuration form

Details

repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.

Database specific

{
    "nvd_published_at": "2013-03-25T21:55:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-22T16:49:23Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Last affected

2.1.10

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.8

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.5

Affected versions

v2.*

v2.3.4

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.0

Fixed

2.4.2

Affected versions

v2.*

v2.4.0

v2.4.1