CVE-2013-1832
Published: 11 March 2013
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
Notes
Author | Note |
---|---|
seth-arnold | MSA-13-0014 |
Priority
Status
Package | Release | Status |
---|---|---|
moodle Launchpad, Ubuntu, Debian |
xenial |
Needed
|
artful |
Ignored
(end of life)
|
|
bionic |
Needed
|
|
cosmic |
Ignored
(end of life)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hardy |
Ignored
(end of life)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lucid |
Not vulnerable
(1.9.4.dfsg-0ubuntu4)
|
|
lunar |
Does not exist
|
|
oneiric |
Not vulnerable
(1.9.9.dfsg2-3)
|
|
precise |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(2.4.2, 2.3.5, 2.2.8)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
mantic |
Does not exist
|
|
Patches: upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681 |