CVE-2016-7038

High

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

redhat·CWE-640·Published 2017-01-20

CVSS

7.3

EPSS

0.01

KEV

Exploits

cve.orgen

120 chars

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

NVDen

120 chars

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

GHSAen

120 chars

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

NVDes

131 chars

En Moodle 2.x y 3.x, tokens de servicio web no son invalidados cuando la contraseña de usuario es cambiada o se obliga a cambiarla.

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	7.3	3.9	3.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Secondary	GHSA	7.3	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L