Description
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.
Remediation
References
Related Vulnerabilities
WordPress Plugin Admin renamer extended Cross-Site Scripting (3.2)
WordPress Plugin WordPress Form Customizer-CF7 Customizer Cross-Site Scripting (1.6.1)
Internet Information Services Other Vulnerability (CVE-2000-0951)
OpenSSL Other Vulnerability (CVE-2014-0198)
Oracle Database Server CVE-2014-4298 Vulnerability (CVE-2014-4298)