Security announcements

MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not respected when using 'Post a copy to all groups' in forum

 
Picture of Marina Glancy
MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not respected when using 'Post a copy to all groups' in forum
 
Description: Capability 'mod/forum:canposttomygroups' was not respected when using 'Post a copy to all groups' in forum. Capability to post to each individual group was always required.
Issue summary: canposttomygroups capability is not checked in mod/forum/post.php
Severity/Risk: Minor
Versions affected: 2.9
Versions fixed: 2.9.1
Reported by: Juan Leyva
Issue no.: MDL-50220
CVE identifier: CVE-2015-3273
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50220