Description
mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time.
Remediation
References
Related Vulnerabilities
WordPress Plugin CopySafe PDF Protection Unspecified Vulnerability (1.10)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.2.7)
Apache Tomcat Other Vulnerability (CVE-2000-0759)
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.7.0)
WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.5)