Candidate: CVE-2013-1829
CRD: 2013-03-11 04:00:00 UTC
PublicDate: 2013-03-25 21:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1829
Description:
 calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not
 consider capability requirements before displaying calendar subscriptions,
 which allows remote authenticated users to obtain potentially sensitive
 information by leveraging the student role.
Ubuntu-Description: 
Notes: 
 seth-arnold> MSA-13-0011
Bugs: 
Priority: medium
Discovered-by: Ankit Agarwal
Assigned-to: 
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37338
upstream_moodle: released (2.4.2)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected (1.9.4.dfsg-0ubuntu4)
oneiric_moodle: not-affected (1.9.9.dfsg2-3)
precise_moodle: not-affected (1.9.9.dfsg2-6)
quantal_moodle: not-affected (2.2.3.dfsg-2.3)
devel_moodle: not-affected (2.2.6.dfsg-1)