Candidate: CVE-2013-2245
PublicDate: 2013-07-29 13:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2245
 https://moodle.org/mod/forum/discuss.php?d=232502
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818
Description:
 rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before
 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly
 implement the use of RSS tokens for impersonation, which allows remote
 authenticated users to obtain sensitive block information by reading an RSS
 feed.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (2.5.1-1)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.1-1)
trusty_moodle: not-affected (2.5.1-1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.1-1])
utopic_moodle: not-affected (2.5.1-1)
vivid_moodle: not-affected (2.5.1-1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.1-1)
xenial_moodle: not-affected (2.5.1-1)
yakkety_moodle: not-affected (2.5.1-1)
zesty_moodle: not-affected (2.5.1-1)
devel_moodle: not-affected (2.5.1-1)