MSA-16-0010: Enumeration of category details possible without authentication

MSA-16-0010: Enumeration of category details possible without authentication

by Marina Glancy -
Number of replies: 0
Description: Despite force login setting guests could still access course category details
Issue summary: Enumeration of category details possible without authentication
Severity/Risk: Minor
Versions affected: 3.0 to 3.0.2, 2.9 to 2.9.4, 2.8 to 2.8.10, 2.7 to 2.7.12 and earlier unsupported versions
Versions fixed: 3.0.3, 2.9.5, 2.8.11 and 2.7.13
Reported by: Krista Koivisto
Issue no.: MDL-52774
CVE identifier: CVE-2016-2158
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774