Topic: | Missing permissions check in pluginfile for blocks |
Severity/Risk: | Minor |
Versions affected: | 2.2 to 2.2.3+, 2.1 to 2.1.6+ |
Reported by: | Juan Leyva |
Issue no.: | MDL-32155 |
Workaround: | Do not embed sensitive documents in HTML blocks |
CVE Identifier: |
CVE-2012-3390 |
Changes (2.2): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d |
Description:
Files embedded by a block (eg., the HTML block) were accessible after the block had been hidden.