CVE-2014-0008

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

Published: Jan 20, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0008
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
moodle / moodle	2.5.1	2.5.1.x
moodle / moodle	2.5.3	2.5.3.x
moodle / moodle	2.5.2	2.5.2.x
moodle / moodle	2.5.0	2.5.0.x
moodle / moodle	2.6.0	2.6.0.x
moodle / moodle	2.4.3	2.4.3.x
moodle / moodle	2.4.1	2.4.1.x
moodle / moodle	2.4.2	2.4.2.x
moodle / moodle	2.4.6	2.4.6.x
moodle / moodle	2.4.4	2.4.4.x
moodle / moodle	2.4.7	2.4.7.x
moodle / moodle	2.4.5	2.4.5.x
moodle / moodle	2.4.0	2.4.0.x
moodle / moodle	2.3.8	2.3.8.x
moodle / moodle	2.3.4	2.3.4.x
moodle / moodle	2.3.1	2.3.1.x
moodle / moodle	2.3.6	2.3.6.x
moodle / moodle	2.3.10	2.3.10.x
moodle / moodle	2.3.5	2.3.5.x
moodle / moodle	2.3.3	2.3.3.x
moodle / moodle	-	2.3.11.x
moodle / moodle	2.3.7	2.3.7.x
moodle / moodle	2.3.2	2.3.2.x
moodle / moodle	2.3.9	2.3.9.x
moodle / moodle	2.3.0	2.3.0.x

Vulnerability Database

289,697

CVE-2014-0008