Moodle.org: MSA-11-0009: My profile block may disclose private information if used in user context

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation
Search

Search
Moodle Sites

Moodle.org

MSA-11-0009: My profile block may disclose private information if used in user context

◄ MSA-11-0008: IMS enterprise enrolment file may disclose sensitive information
MSA-11-0010: Incorrect default for mod:course/delete capability in teacher role ►

MSA-11-0009: My profile block may disclose private information if used in user context

by Helen Foster - Tuesday, 1 March 2011, 10:57 PM

Topic:	My profile block may disclose private information if used in user context
Severity:	Minor
Versions affected:	<2.0.2 (1.9.x not affected)
Reported by:	Internal code review
Issue no.:	MDL-26034
Solution:	Upgrade to latest version
Workaround:	Uninstall the myprofile block and delete block/myprofile files

Description:

The My profile block could allow disclosure of private information when placed on pages in the user context. The block was changed to show only current user information.

◄ MSA-11-0008: IMS enterprise enrolment file may disclose sensitive information
MSA-11-0010: Incorrect default for mod:course/delete capability in teacher role ►

Security announcements

MSA-11-0009: My profile block may disclose private information if used in user context

MSA-11-0009: My profile block may disclose private information if used in user context

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world