Total vulnerabilities in the database
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
| Software | From | Fixed in |
|---|---|---|
| moodle / moodle | 2.0.2 | 2.0.2.x |
| moodle / moodle | 2.0.1 | 2.0.1.x |
| moodle / moodle | 2.1.2 | 2.1.2.x |
| moodle / moodle | 2.0.4 | 2.0.4.x |
| moodle / moodle | 2.1.10 | 2.1.10.x |
| moodle / moodle | 2.1.8 | 2.1.8.x |
| moodle / moodle | 2.1.9 | 2.1.9.x |
| moodle / moodle | 2.0.3 | 2.0.3.x |
| moodle / moodle | 2.1.1 | 2.1.1.x |
| moodle / moodle | 2.1.5 | 2.1.5.x |
| moodle / moodle | 2.1.6 | 2.1.6.x |
| moodle / moodle | 2.0.6 | 2.0.6.x |
| moodle / moodle | 2.0.5 | 2.0.5.x |
| moodle / moodle | 2.1.3 | 2.1.3.x |
| moodle / moodle | 2.0.9 | 2.0.9.x |
| moodle / moodle | 2.0.8 | 2.0.8.x |
| moodle / moodle | 2.1.7 | 2.1.7.x |
| moodle / moodle | 2.0.7 | 2.0.7.x |
| moodle / moodle | 2.1.4 | 2.1.4.x |
| moodle / moodle | 2.0.0 | 2.0.0.x |
| moodle / moodle | 2.1.0 | 2.1.0.x |
| moodle / moodle | 2.2.2 | 2.2.2.x |
| moodle / moodle | 2.2.6 | 2.2.6.x |
| moodle / moodle | 2.2.1 | 2.2.1.x |
| moodle / moodle | 2.2.7 | 2.2.7.x |
| moodle / moodle | 2.2.3 | 2.2.3.x |
| moodle / moodle | 2.2.5 | 2.2.5.x |
| moodle / moodle | 2.2.4 | 2.2.4.x |
| moodle / moodle | 2.2.0 | 2.2.0.x |
| moodle / moodle | 2.3.4 | 2.3.4.x |
| moodle / moodle | 2.3.1 | 2.3.1.x |
| moodle / moodle | 2.3.3 | 2.3.3.x |
| moodle / moodle | 2.3.2 | 2.3.2.x |
| moodle / moodle | 2.3.0 | 2.3.0.x |
| moodle / moodle | 2.4.1 | 2.4.1.x |
| moodle / moodle | 2.4.0 | 2.4.0.x |