John Holmes

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.1.10 and earlier, 2.2.x through 2.2.7, 2.3.x through 2.3.4, 2.4.x through 2.4.1 **Description** The issue allows remote authenticated administrators to obtain sensitive information by configuring an instance, due to the inclusion of the WebDAV password in the configuration form in the repository/webdav/lib.php file. **Recommendations** For Moodle versions 2.1.10 and earlier, update to version 2.1.11 or later. For Moodle versions 2.2.x through 2.2.7, update to version 2.2.8 or later. For Moodle versions 2.3.x through 2.3.4, update to version 2.3.5 or later. For Moodle versions 2.4.x through 2.4.1, update to version 2.4.2 or later.