EPSS
Percentile
41.9%
Moodle is vulnerable to information leakage. When RSS tokens are used to impersonate another user, rss/file.php shows a rss feed error shows block information of the impersonated user.
rss/file.php
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818
git.moodle.org/gw?p=moodle.git;a=commit;h=e73cb1acb8215b8c3cccf2dfb20ca2deb43bea69
moodle.org/mod/forum/discuss.php?d=232502