Description
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (1.8.6)
Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2102)
Joomla! Core 1.7.0 Cross-Site Scripting (1.7.0)
WordPress Plugin WordPress Photo Gallery-Image Gallery Cross-Site Request Forgery (1.0.6)