| Topic: | Missing permissions check in pluginfile for blocks |
| Severity/Risk: | Minor |
| Versions affected: | 2.2 to 2.2.3+, 2.1 to 2.1.6+ |
| Reported by: | Juan Leyva |
| Issue no.: | MDL-32155 |
| Workaround: | Do not embed sensitive documents in HTML blocks |
|
CVE Identifier: |
CVE-2012-3390 |
| Changes (2.2): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d |
Description:
Files embedded by a block (eg., the HTML block) were accessible after the block had been hidden.