| Topic: | User B is able to see and use Dropbox of User A within Dropbox Repository File Picker |
| Severity/Risk: | Serious |
| Versions affected: | 2.3 to 2.3.2+, 2.2 to 2.2.5+, 2.1 to 2.1.8+ |
| Reported by: | Alexander Bias |
| Issue no.: | MDL-29872, MDL-36366 |
CVE Identifier: | CVE-2012-5471 |
Workaround: | Turn off Dropbox repository |
| Changes (master): | http://git. |
| Topic: | Information disclosure in yui_combo.php |
| Severity/Risk: | Minor |
| Versions affected: | 2.3 to 2.3.1+ |
| Reported by: | Mark Baseggio |
| Issue no.: | MDL-35168 |
CVE Identifier: | CVE-2012-4403 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35168 |
Description:
The drag-and-drop script was...
| Topic: | A web service token allows the user to run functions from any external service, not just those linked to the external service the token is for |
| Severity/Risk: | Serious |
| Versions affected: | 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+ |
| Reported by: | Nathan Mares |
| Issue no.: | MDL-34368 |
CVE Identifier: | CVE-2012-4402 |
| Changes (master): | http: |
| Topic: | Course reset not protected by proper capability |
| Severity/Risk: | Minor |
| Versions affected: | 2.3 to 2.3.1+, 2.2 to 2.2.4+, 2.1 to 2.1.7+ |
| Reported by: | Rex Lorenzo |
| Issue no.: | MDL-34519 |
CVE Identifier: | CVE-2012-4408 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34519 |
Description:
...