MSA-13-0006: Potential information leak in Assignment module

by Michael de Raadt.  

...
Description:Through URL manipulation, students were able to view feedback comments provided on other student's submissions.
Issue summary:

Assignment comment permissions are not being validated

Severity/Risk:Serious
Versions affected:2.4, 2.3 to 2.3.3+
Reported by:Dan Poltawski
Issue no.:MDL-37244

CVE identifier:

CVE-2012-6102
Cha
Leer más...