Description
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.
Remediation
References
Related Vulnerabilities
Oracle Database Server Other Vulnerability (CVE-2001-0942)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8625)
Restlet Framework Deserialization of Untrusted Data Vulnerability (CVE-2013-4271)
WordPress Plugin Advanced AJAX Product Filters Security Bypass (1.3.6.1)