Description
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.
Remediation
References