CVE-2013-1832 Information

Description

repository/webdav/lib.php in Moodle 2.x through 2.1.10 2.2.x before 2.2.8 2.3.x before 2.3.5 and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form which allows remote authenticated administrators to obtain sensitive information by configuring an instance.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225343