Security announcements

MSA-14-0041: Lack of capability check in tags list access

 
Picture of Marina Glancy
MSA-14-0041: Lack of capability check in tags list access
 
Description: Unprivileged users could access the list of available tags in the system.
Issue summary: Tag autocomplete AJAX page lacks capability check
Severity/Risk: Serious
Versions affected: 2.7 to 2.7.2, 2.6 to 2.6.5, 2.5 to 2.5.8 and earlier unsupported versions
Versions fixed: 2.8, 2.7.3, 2.6.6 and 2.5.9
Reported by: Frédéric Massart
Issue no.: MDL-47965
CVE identifier: CVE-2014-7846
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965