Description
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.
Related Vulnerabilities
Oracle Application Server CVE-2006-0273 Vulnerability (CVE-2006-0273)
Oracle JRE CVE-2013-1557 Vulnerability (CVE-2013-1557)
WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.3.1)
WordPress Plugin LOGIN AND REGISTRATION ATTEMPTS LIMIT Cross-Site Request Forgery (2.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0217)