Description

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

Remediation

References

CVE-2014-0008

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6831)

MySQL CVE-2022-21290 Vulnerability (CVE-2022-21290)

WordPress Plugin Circles Gallery Cross-Site Scripting (1.0.10)

WebLogic Observable Discrepancy Vulnerability (CVE-2019-3739)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.17)

Severity

Medium

Classification

CVE-2014-0008

Tags

Missing Update Known Vulnerabilities