Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Moodle | Moodle | 2.1.0 (including) | 2.1.0 (including) |
| Moodle | Moodle | 2.1.1 (including) | 2.1.1 (including) |
| Moodle | Moodle | 2.1.2 (including) | 2.1.2 (including) |
| Moodle | Ubuntu | hardy | * |
| Moodle | Ubuntu | lucid | * |
| Moodle | Ubuntu | maverick | * |
| Moodle | Ubuntu | natty | * |
| Moodle | Ubuntu | oneiric | * |
References
- http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-28670\u0026sr=1
- http://moodle.org/mod/forum/discuss.php?d=191750
- https://bugzilla.redhat.com/show_bug.cgi?id=761248
- http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-28670\u0026sr=1
- http://moodle.org/mod/forum/discuss.php?d=191750
- https://bugzilla.redhat.com/show_bug.cgi?id=761248