Description
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1135)
XWiki Cleartext Storage of Sensitive Information Vulnerability (CVE-2023-50719)
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8213)
WordPress Plugin Improved Product Options for WooCommerce Security Bypass (5.2.0)