Lucene search

K

Ubuntu.comUB:CVE-2014-0008

HistoryJan 20, 2014 - 12:00 a.m.

CVE-2014-0008

2014-01-2000:00:00

ubuntu.com

ubuntu.com

14

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

60.9%

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before
2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote
authenticated administrators to obtain sensitive information by reading the
Config Changes Report.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721

openwall.com/lists/oss-security/2014/01/20/1

launchpad.net/bugs/cve/CVE-2014-0008

moodle.org/mod/forum/discuss.php?d=252414

nvd.nist.gov/vuln/detail/CVE-2014-0008

security-tracker.debian.org/tracker/CVE-2014-0008

www.cve.org/CVERecord?id=CVE-2014-0008

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS

0.002

Percentile

60.9%

Related for UB:CVE-2014-0008

prion1 cve1 veracode1 nvd1 cvelist1 nessus3 fedora11 openvas14 mageia1