MSA-17-0014: Course overview block reveals activities in hidden courses

by Marina Glancy.  

Timeline view of the new course overview block can show events for activities that user can not yet access because the course is hidden.


Severity/Risk:Minor
Versions affected:3.3
Versions fixed:3.3.1
Reported by:Charles Fulton
CVE identifier:CVE-2017-7531
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-59304
Tracker issue:MDL-59304 Course overview block reveals activities in hidden courses

Read more https://moodle.org/mod/forum/discuss.php?d=355555&parent=1434235