Moodle.org: MSA-12-0059: Information leak in Database activity module

Topic:	Members of seperate groups can see Database activity entries for other groups
Severity/Risk:	Minor
Versions affected:	2.3 to 2.3.2+, 2.2 to 2.2.5+, 2.1 to 2.1.8+
Reported by:	Richard Meyer
Issue no.:	MDL-34448
CVE Identifier:	CVE-2012-5473
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34448

Description:

Within the Database activity module, when separate groups were used, members of one group were able to see entries created by members of another group by completing an advanced search.

Security announcements

MSA-12-0059: Information leak in Database activity module

MSA-12-0059: Information leak in Database activity module

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world