Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1829)
Description
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.