Nathan Mares

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.1.x through 2.1.7 Moodle versions 2.2.x through 2.2.4 Moodle versions 2.3.x through 2.3.1 **Description** The issue is related to the improper restriction of web-service tokens in the webservice/lib.php file. This allows remote authenticated users to execute arbitrary external-service functions using a token that was intended for only one service. **Recommendations** For Moodle versions 2.1.x through 2.1.7, update to version 2.1.8 or later. For Moodle versions 2.2.x through 2.2.4, update to version 2.2.5 or later. For Moodle versions 2.3.x through 2.3.1, update to version 2.3.2 or later.