MSA-17-0011: Searching of blogs possible without capability to do it

by Marina Glancy.

The capability to search blogs was not checked properly, resulting in users being able to search blogs without permission.

Versions affected: 3.2 to 3.2.2, 3.1 to 3.1.5, 3.0 to 3.0.9, 2.7 to 2.7.19 and other unsupported versions
Versions fixed: 3.2.3, 3.1.6, 3.0.10 and 2.7.20
Reported by: Daniel Kosinski
CVE identifier: CVE-2017-7490
Changes (master):
Tracker issue: MDL-58670 Users can search blogs by typing full url in address bar even with capability moodle/blog:search removed from their role
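
The version ranges above can be turned into a triage check for a site inventory. The following is an added example, not code from Moodle or from this advisory; the function names and status labels are hypothetical. It assumes that any branch older than 3.2 without a listed fix is one of the "other unsupported versions".

```python
import re

# Fixed patch level per supported branch, from the "Versions fixed" line above.
FIXED = {(3, 2): 3, (3, 1): 6, (3, 0): 10, (2, 7): 20}
NEWEST_LISTED_BRANCH = max(FIXED)  # (3, 2)


def parse_version(text):
    """Parse '3.1.5', '3.2' or '3.1.5+ (Build: ...)' into (major, minor, patch).

    A trailing '+' (weekly build) is ignored, so such a build is judged
    as its base release, which is the conservative reading.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Moodle version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def msa_17_0011_status(version):
    """Classify a Moodle release string against MSA-17-0011 (CVE-2017-7490)."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch < NEWEST_LISTED_BRANCH:
        # Assumption: older branch with no fixed release listed, so it is
        # treated as one of the advisory's "other unsupported versions".
        return "unsupported-affected"
    # Branch newer than anything the advisory lists: it makes no statement.
    return "not-listed"


if __name__ == "__main__":
    # Constructed inventory of site versions, for illustration only.
    inventory = ["3.2.2", "3.2.3", "3.1", "3.0.9", "2.7.20", "2.9.4", "3.3"]
    for v in inventory:
        print(f"{v:8} {msa_17_0011_status(v)}")
```

Sites reported as `affected` need the upgrade listed for their branch; `unsupported-affected` sites have no fixed release on their branch and must move to a supported one.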
