VYPR
← All advisories
Moderate severityNVD Advisory· Published Mar 25, 2013· Updated Apr 29, 2026

CVE-2013-1832

CVE-2013-1832

Description

repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
>= 2.0.0, <= 2.1.10
moodle/moodlePackagist
>= 2.2.0, < 2.2.82.2.8
moodle/moodlePackagist
>= 2.3.0, < 2.3.52.3.5
moodle/moodlePackagist
>= 2.4.0, < 2.4.22.4.2

Affected products

36
  • Moodle/Moodle36 versions
    cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*+ 35 more
    • cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*

Patches

4
ce96f23fe15c

MDL-37681 repository_webdav: improved form handling when configuring an instance

https://github.com/moodle/moodleFrederic MassartMar 4, 2013via ghsa
commit
1 file changed · +2 2
  • repository/webdav/lib.php+2 2 modified
    @@ -177,10 +177,10 @@ public static function instance_config_form($mform) {
         $mform->addElement('select', 'webdav_auth', get_string('authentication', 'admin'), $choices);
         $mform->addRule('webdav_auth', get_string('required'), 'required', null, 'client');
 
-
         $mform->addElement('text', 'webdav_port', get_string('webdav_port', 'repository_webdav'), array('size' => '40'));
         $mform->addElement('text', 'webdav_user', get_string('webdav_user', 'repository_webdav'), array('size' => '40'));
-        $mform->addElement('text', 'webdav_password', get_string('webdav_password', 'repository_webdav'), array('size' => '40'));
+        $mform->addElement('password', 'webdav_password', get_string('webdav_password', 'repository_webdav'),
+            array('size' => '40'));
     }
     public function supported_returntypes() {
         return (FILE_INTERNAL | FILE_EXTERNAL);
92e592385784

MDL-37681 repository_webdav: improved form handling when configuring an instance

https://github.com/moodle/moodleFrederic MassartMar 4, 2013via ghsa
commit
1 file changed · +2 2
  • repository/webdav/lib.php+2 2 modified
    @@ -177,10 +177,10 @@ public static function instance_config_form($mform) {
         $mform->addElement('select', 'webdav_auth', get_string('authentication', 'admin'), $choices);
         $mform->addRule('webdav_auth', get_string('required'), 'required', null, 'client');
 
-
         $mform->addElement('text', 'webdav_port', get_string('webdav_port', 'repository_webdav'), array('size' => '40'));
         $mform->addElement('text', 'webdav_user', get_string('webdav_user', 'repository_webdav'), array('size' => '40'));
-        $mform->addElement('text', 'webdav_password', get_string('webdav_password', 'repository_webdav'), array('size' => '40'));
+        $mform->addElement('password', 'webdav_password', get_string('webdav_password', 'repository_webdav'),
+            array('size' => '40'));
     }
     public function supported_returntypes() {
         return (FILE_INTERNAL | FILE_EXTERNAL);
0e94caf991d4

MDL-37681 repository_webdav: improved form handling when configuring an instance

https://github.com/moodle/moodleFrederic MassartMar 4, 2013via ghsa
commit
1 file changed · +2 2
  • repository/webdav/lib.php+2 2 modified
    @@ -177,10 +177,10 @@ public static function instance_config_form($mform) {
         $mform->addElement('select', 'webdav_auth', get_string('authentication', 'admin'), $choices);
         $mform->addRule('webdav_auth', get_string('required'), 'required', null, 'client');
 
-
         $mform->addElement('text', 'webdav_port', get_string('webdav_port', 'repository_webdav'), array('size' => '40'));
         $mform->addElement('text', 'webdav_user', get_string('webdav_user', 'repository_webdav'), array('size' => '40'));
-        $mform->addElement('text', 'webdav_password', get_string('webdav_password', 'repository_webdav'), array('size' => '40'));
+        $mform->addElement('password', 'webdav_password', get_string('webdav_password', 'repository_webdav'),
+            array('size' => '40'));
     }
     public function supported_returntypes() {
         return (FILE_INTERNAL | FILE_EXTERNAL);
46eec6e46b89

MDL-37681 repository_webdav: improved form handling when configuring an instance

https://github.com/moodle/moodleFrederic MassartMar 4, 2013via ghsa
commit
1 file changed · +2 2
  • repository/webdav/lib.php+2 2 modified
    @@ -202,10 +202,10 @@ public function instance_config_form($mform) {
         $mform->addElement('select', 'webdav_auth', get_string('authentication', 'admin'), $choices);
         $mform->addRule('webdav_auth', get_string('required'), 'required', null, 'client');
 
-
         $mform->addElement('text', 'webdav_port', get_string('webdav_port', 'repository_webdav'), array('size' => '40'));
         $mform->addElement('text', 'webdav_user', get_string('webdav_user', 'repository_webdav'), array('size' => '40'));
-        $mform->addElement('text', 'webdav_password', get_string('webdav_password', 'repository_webdav'), array('size' => '40'));
+        $mform->addElement('password', 'webdav_password', get_string('webdav_password', 'repository_webdav'),
+            array('size' => '40'));
     }
     public function supported_returntypes() {
         return (FILE_INTERNAL | FILE_EXTERNAL);

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

10

News mentions

0

No linked articles in our index yet.