CVSS: 5.5EPSS: 0%CPEs: 57EXPL: 0CVE-2014-0009
https://notcve.org/view.php?id=CVE-2014-0009
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request. course/loginas.php en Moodle hasta 2.2.11, 2.3.x antes de 2.3.11, 2.4.x antes de 2.4.8, 2.5.x antes de 2.5.4 y 2.6.x antes de 2.6.1 no fuerza el reuiisto moodle/site:accessallgroups para los usuarios de fuera del grupo en una configuración SEPARATEGROUPS, que permite a los usuarios remotos autenticados para realizar acciones "login como" mediante una petición directa. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html http://openwall.com/lists/oss-security/2014/01/20/1 http://www.securitytracker.com/id/1029648 https://moodle.org/mod/forum/discuss.php?d=252415 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 25EXPL: 0CVE-2014-0008
https://notcve.org/view.php?id=CVE-2014-0008
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. lib/adminlib.php en Moodle hasta la versión 2.3.11, 2.4.x anterior a la versión 2.4.8, 2.5.x anterior a 2.5.4, y 2.6.x anterior a la versión 2.6.1 registra contraseñas en texto plano, lo que permite a administradores remotos autenticados obtener información sensible mediante la lectura de Config Changes Report. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html http://openwall.com/lists/oss-security/2014/01/20/1 http://www.securitytracker.com/id/1029647 https://moodle.org/mod/forum/discuss.php?d=252414 • CWE-255: Credentials Management Errors •