Topic: | Non-editor teacher can exceed teacher permissions: example, backup:userinfo |
Severity/Risk: | Serious |
Versions affected: | 2.2 to 2.2.2+, 2.1 to 2.1.5+, 2.0 to 2.0.8+ |
Reported by: | Jozas Nhial |
Issue no.: | MDL-32030 |
CVE Identifier: |
CVE-2012-2359 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=0f75e1e6272db0303abc8e27362e5c3a1344b82f |
Description:
Non-editing teachers were able to redefine their capabilities to achieve actions they would not normally be able to achieve.