Описание
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.2.6.dfsg-1 |
| lucid | not-affected | 1.9.4.dfsg-0ubuntu4 |
| precise | not-affected | 1.9.9.dfsg2-6 |
| quantal | not-affected | 2.2.3.dfsg-2.3 |
| raring | not-affected | 2.2.6.dfsg-1 |
| upstream | released | 2.5, 2.4.4, 2.3.7 |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.
mod/assign/locallib.php in the assignment module in Moodle 2.3.x befor ...
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.
EPSS
4 Medium
CVSS2