Description

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

Remediation

References

CVE-2014-0008

Related Vulnerabilities

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-0130)

Apache Tomcat Other Vulnerability (CVE-2006-3835)

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-19969)

WordPress Plugin Larsens Calender Cross-Site Scripting (1.2)

Oracle Database Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10219)

Severity

Medium

Classification

CVE-2014-0008

Tags

Missing Update Known Vulnerabilities