Security Announcements

My ugly mug
MSA-13-0006: Potential information leak in Assignment module
Description: Through URL manipulation, students were able to view feedback comments provided on other student's submissions.
Issue summary:

Assignment comment permissions are not being validated

Severity/Risk: Serious
Versions affected: 2.4, 2.3 to 2.3.3+
Reported by: Dan Poltawski
Issue no.: MDL-37244

CVE identifier:

Changes (master):