Description
Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page.
Remediation
References
Related Vulnerabilities
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3433)
WordPress Plugin PDW Media File Browser 'upload.php' Arbitrary File Upload (1.1)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7925)
WordPress Plugin WORDPRESS VIDEO GALLERY Open Email Relay (2.8)
Python Resource Management Errors Vulnerability (CVE-2012-0845)