Vulnerability Name: | CVE-2011-4583 (CCN-77220)
Assigned: | 2011-12-06
Published: | 2011-12-06
Updated: | 2020-12-01
Summary: | Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-264
Vulnerability Consequences: | Other
References: |
Source: MITRE Type: CNA CVE-2011-4583
Source: CONFIRM Type: Patch http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1
Source: CCN Type: MSA-11-0044 Expired identification information shown in Web services
Source: CONFIRM Type: Patch, Vendor Advisory http://moodle.org/mod/forum/discuss.php?d=191750
Source: CCN Type: OSVDB ID: 79773 Moodle Security Key Web Service Token Disclosure
Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=761248
Source: XF Type: UNKNOWN moodle-tokens-unspecified(77220)
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: