Description
mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum.
Remediation
References
Related Vulnerabilities
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-20166)
WordPress CVE-2012-2400 Vulnerability (CVE-2012-2400)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2005-2946)
Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)