Description
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.