Bug 1264826

Summary: CVE-2015-5265 moodle: Free access to the file manager in the wiki via text editor (MSA-15-0032)
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: gwync, ignatenko
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: moodle 2.9.2, 2.8.8 and 2.7.10 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-21 11:39:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Mariš 2015-09-21 10:14:25 UTC 
A vulnerability was found in file manager in wiki where users can delete files uploaded by other users in wiki without capability to manage files. Affected versions are 2.9 to 2.9.1, 2.8 to 2.8.7, 2.7 to 2.7.9 and earlier unsupported versions.

Upstream patch:

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371
Comment 1 Adam Mariš 2015-09-21 11:39:51 UTC 

*** This bug has been marked as a duplicate of bug 1264861 ***