Topic: | Various problems with permissions checks in the question bank |
Severity/Risk: | Minor |
Versions affected: | 2.2 to 2.2.2+, 2.1 to 2.1.5+ |
Reported by: | Tim Hunt |
Issue no.: | MDL-32239 |
CVE Identifier: |
CVE-2012-2356 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239 |
Description:
Capabilities were not being correctly checked when working in the question bank. Question authorship was not being checked. Users were shown UI elements when they did not have permission to use them. User permissions were not correctly checked when saving a question.