Vulnerability Description
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 2.1.0 |
Related Weaknesses (CWE)
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1Patch
- http://moodle.org/mod/forum/discuss.php?d=191750PatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=761248
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1Patch
- http://moodle.org/mod/forum/discuss.php?d=191750PatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=761248
FAQ
What is CVE-2011-4583?
CVE-2011-4583 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated use...
How severe is CVE-2011-4583?
CVE-2011-4583 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4583?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.