PT-2013-3414 · Moodle · Moodle
Ankit Agarwal
·
Published
2013-03-25
·
Updated
2020-12-01
·
CVE-2013-1829
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.4.0 through 2.4.1
Description
The issue allows remote authenticated users to obtain potentially sensitive information by leveraging the student role, due to the failure of calendar/managesubscriptions.php to consider capability requirements before displaying calendar subscriptions.
Recommendations
For Moodle versions 2.4.0 through 2.4.1, update to version 2.4.2 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle