Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245
lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
openwall.com/lists/oss-security/2013/05/21/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/28772fb9e7e6be01b765fb721af16901bb47e417
github.com/moodle/moodle/commit/5fde58a59335bc3109a9eaac4a15d1e9217541c3
github.com/moodle/moodle/commit/8aa12adcf26ff2f0b61cd6f0288f2886c8c55bf7
github.com/moodle/moodle/commit/9a909b1a359f72b8d384e18da8e05474604279e1
github.com/moodle/moodle/commit/cb538f0e539e833edb7cf6fa3d705e8abc5003fd
github.com/moodle/moodle/commit/f9e27e8323f31186820d25252ec0d4c6cd65dafc
moodle.org/mod/forum/discuss.php?d=228934
nvd.nist.gov/vuln/detail/CVE-2013-2082