MSA-12-0057: Access issue through repository

by Michael de Raadt.  

Topic: User B is able to see and use Dropbox of User A within Dropbox Repository File Picker
Severity/Risk: Serious
Versions affected: 2.3 to 2.3.2+, 2.2 to 2.2.5+, 2.1 to 2.1.8+
Reported by: Alexander Bias
Issue no.: MDL-29872, MDL-36366

CVE Identifier: CVE-2012-5471

Workaround: Turn off Dropbox repository

Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872

Description:

Users who logged out of Dropbox through the Moodle repository were disconnected in Moodle, but their access to Dropbox was still allowed while their browser session continued.

Read more https://moodle.org/mod/forum/discuss.php?d=216155&parent=941378