Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider “don’t send” attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
openwall.com/lists/oss-security/2013/05/21/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/1d79b726d762bcc629c1a2a74cfa3eca5a7c5da7
github.com/moodle/moodle/commit/1fc34e37fdc57b4ec303cb942dc5d5535b953ed7
github.com/moodle/moodle/commit/4d65904bc132548a2ef4c2a40bf5ba2cffb5f68f
github.com/moodle/moodle/commit/54a3ce69e9ca751fffd0b3e0eb5be4add50de113
github.com/moodle/moodle/commit/60c468bcb3b6f867a70f2f30427b52e0362e93d1
github.com/moodle/moodle/commit/667eaec4d2679a8bc1fcd9f0ff17a1be2babccb0
github.com/moodle/moodle/commit/669dee58048b18d9034a7b2367b97a50b498b0e0
github.com/moodle/moodle/commit/a811e8ac56e49a174b68ceade81197c80be4b325
github.com/moodle/moodle/commit/be6281e2cbc2fb40b96a48c07c80883fa80cd1b7
github.com/moodle/moodle/commit/fd469033fa2c860647e48f3d543346503a37faa0
moodle.org/mod/forum/discuss.php?d=228933
nvd.nist.gov/vuln/detail/CVE-2013-2081