First published: Fri Jul 20 2012
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle | =2.1.2 | |
Moodle | =2.1.1 | |
Moodle | =2.1.0 | |
Moodle | =2.0.2 | |
Moodle | =2.0.1 | |
Moodle | =2.0.4 | |
Moodle | =2.0.3 | |
Moodle | =2.0.5 | |
Moodle | =2.0.0 | |
CVE-2011-4583 is classified as a medium severity vulnerability.
To mitigate CVE-2011-4583, upgrade to Moodle version 2.0.6 or 2.1.3 or later.
CVE-2011-4583 allows remote authenticated users to read web service tokens that should not be accessible.
CVE-2011-4583 affects Moodle versions 2.0.0 to 2.0.5 and 2.1.0 to 2.1.2.
An attacker could leverage the exposed web service tokens to gain unauthorized access to resources.