Description
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-0665 Vulnerability (CVE-2016-0665)
WordPress Plugin bSuite Cross-Site Scripting (4.0.7)
Atlassian Jira Improper Authentication Vulnerability (CVE-2019-20412)
WordPress Ultimate Member Plugin CVE-2020-36170 Vulnerability (CVE-2020-36170)
WordPress Plugin PowerPack Lite for Beaver Builder Local File Inclusion (1.3.0.3)