CVE-2013-1829
Moodle 2.4.x - Authenticated Exposure of Sensitive Information via Calendar Subscription Display
Title source: llmDescription
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=225339
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37338
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/03/25/2
Scores
EPSS
0.0020
EPSS Percentile
41.7%
Details
CWE
CWE-200
Status
published
Products (2)
moodle/moodle
2.4.0
moodle/moodle
2.4.1
Published
Mar 25, 2013
Tracked Since
Feb 18, 2026