PT-2013-3414 · Moodle · Moodle
Ankit Agarwal
·
Publicado
2013-03-25
·
Atualizado
2020-12-01
·
CVE-2013-1829
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.4.0 through 2.4.1
Description
The issue allows remote authenticated users to obtain potentially sensitive information by leveraging the student role, due to the failure of calendar/managesubscriptions.php to consider capability requirements before displaying calendar subscriptions.
Recommendations
For Moodle versions 2.4.0 through 2.4.1, update to version 2.4.2 or later to resolve the issue.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Moodle