CVE-2013-2245
Moodle <= 2.1.10, 2.2.x < 2.2.11, 2.3.x < 2.3.8, 2.4.x < 2.4.5, 2.5.x < 2.5.1 - Information Disclosure
Title source: llmDescription
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.
References (2)
Core 2
Core References
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818
Various Sources x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=232502
Scores
EPSS
0.0016
EPSS Percentile
36.7%
Details
CWE
CWE-287
Status
published
Products (36)
moodle/moodle
2.1.0
moodle/moodle
2.1.1
moodle/moodle
2.1.2
moodle/moodle
2.1.3
moodle/moodle
2.1.4
moodle/moodle
2.1.5
moodle/moodle
2.1.6
moodle/moodle
2.1.7
moodle/moodle
2.1.8
moodle/moodle
2.1.9
... and 26 more
Published
Jul 29, 2013
Tracked Since
Feb 18, 2026