Security Announcements

My ugly mug
MSA-12-0063: Information leak in Check Permissions page
Topic: Check Permissions page displays entire user base without moodle/role:manage capability
Severity/Risk: Minor
Versions affected: 2.3 to 2.3.2+
Reported by: Jody Steele
Issue no.: MDL-35381

CVE Identifier:

Changes (master):


The Check Permissions page was allowing non-admin users to see the capabilities of all users, not just users in a course/category.