Topic: | authenticated user "view" capability set to "allow" for all repos |
Severity: | Minor |
Versions affected: | 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+ |
Reported by: | Andrea Bicciolo |
Workaround: |
Manually change capability for repositories |
Issue no.: | MDL-30452 |
CVE Identifier: |
CVE-2012-1157 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4 |
Description:
Not all repositories are intended for student use, however all repositories were viewable by all users by default. This change will affect new installations only. Existing site admins should review their repository capabilities.