Description
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2023-22077 Vulnerability (CVE-2023-22077)
WordPress Plugin WooCommerce Cross-Site Request Forgery (2.2.2)
Jenkins Incorrect Default Permissions Vulnerability (CVE-2023-43496)
MySQL CVE-2018-3212 Vulnerability (CVE-2018-3212)
WordPress Plugin Email Encoder-Protect Email Addresses Cross-Site Scripting (2.1.1)