| Description: | It was possible for authenticated users to toggle the visibility of other users' badges. |
| Issue summary: | logged user can change badge status (visible field) |
| Severity/Risk: | Minor |
| Versions affected: | 2.6 to 2.6.1 and 2.5 to 2.5.4 |
| Versions fixed: | 2.6.2 and 2.5.5 |
| Reported by: | Adrian Lorenc |
| Issue no.: | MDL-44140 |
| CVE identifier: | CVE-2014-0129 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140 |