Bug 2264099 (CVE-2024-25983) - CVE-2024-25983 MSA-24-0006: IDOR on dashboard comments block
Summary: CVE-2024-25983 MSA-24-0006: IDOR on dashboard comments block
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2024-25983
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: low low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2264914 2264913
Blocks: 2264073
Reported: 2024-02-13 21:39 UTC by Zack Miele
Modified: 2024-03-22 15:30 UTC
CC List: 2 users

Fixed In Version: moodle 4.3.3, 4.2.6 and 4.1.9
Doc Type: ---
Doc Text:
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
Clone Of:
Environment:
Last Closed: 2024-03-22 15:30:29 UTC
Embargoed:


Description Zack Miele 2024-02-13 21:39:35 UTC
MSA-24-0006: IDOR on dashboard comments block

Description: Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g. on their profile page).
Issue summary: IDOR on dashboard comments block
Severity/Risk: Minor
Versions affected: 4.3 to 4.3.2, 4.2 to 4.2.5, 4.1 to 4.1.8 and earlier unsupported versions
Versions fixed: 4.3.3, 4.2.6 and 4.1.9
Reported by: BA7MAN
Issue no.: MDL-78300
CVE identifier: Pending
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300

Comment 1 Robb Gatica 2024-02-19 16:01:15 UTC
Created moodle tracking bugs for this issue:

Affects: epel-all [bug 2264914]
Affects: fedora-all [bug 2264913]

Comment 2 shamrocksmelt 2024-03-05 09:35:09 UTC
All of the existing tools will function as intended, and those that need to handle the additional groups can do so https://geometry-lite.co

It functions flawlessly, based on my testing with both the new and edit comment features.  Given how long the list of groups is, the only suggestion I would have would be to include a scroll bar.
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300

Comment 3 Zack Miele 2024-03-22 15:30:27 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

