CVE-2014-0008
Published: 20 January 2014
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Priority
Status
Package | Release | Status |
---|---|---|
moodle Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [2.5.4-1])
|
|
upstream |
Released
(2.4.8, 2.5.4, 2.6.1)
|
|
utopic |
Not vulnerable
(2.5.4-1)
|
|
vivid |
Not vulnerable
(2.5.4-1)
|
|
wily |
Not vulnerable
(2.5.4-1)
|
|
xenial |
Not vulnerable
(2.5.4-1)
|
|
yakkety |
Not vulnerable
(2.5.4-1)
|
|
zesty |
Not vulnerable
(2.5.4-1)
|
|
Patches: upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721 |