| Topic: | Non-editor teacher can exceed teacher permissions: example, backup:userinfo |
| Severity/Risk: | Serious |
| Versions affected: | 2.2 to 2.2.2+, 2.1 to 2.1.5+, 2.0 to 2.0.8+ |
| Reported by: | Jozas Nhial |
| Issue no.: | MDL-32030 |
|
CVE Identifier: |
CVE-2012-2359 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=0f75e1e6272db0303abc8e27362e5c3a1344b82f |
Description:
Non-editing teachers were able to redefine their capabilities to achieve actions they would not normally be able to achieve.