| Topic: | User B is able to see and use Dropbox of User A within Dropbox Repository File Picker |
| Severity/Risk: | Serious |
| Versions affected: | 2.3 to 2.3.2+, 2.2 to 2.2.5+, 2.1 to 2.1.8+ |
| Reported by: | Alexander Bias |
| Issue no.: | MDL-29872, MDL-36366 |
| CVE Identifier: | CVE-2012-5471 |
| Workaround: | Turn off Dropbox repository |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872 |
Description:
Users who logged out of Dropbox through the Moodle repository were disconnected in Moodle, but the user's access to Dropbox was still allowed while their browser session continued.