Security Announcements

MSA-14-0012: Access issue in Badges

 
 
My ugly mug
MSA-14-0012: Access issue in Badges
 
Description: It was possible for authenticated users to toggle the visibility of other users' badges.
Issue summary: logged user can change badge status (visible field)
Severity/Risk: Minor
Versions affected: 2.6 to 2.6.1 and 2.5 to 2.5.4
Versions fixed: 2.6.2 and 2.5.5
Reported by: Adrian Lorenc
Issue no.: MDL-44140
CVE identifier: CVE-2014-0129
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140