Red Hat Bugzilla – Bug 857927
CVE-2012-4407 moodle: Blog file access issue (MSA-12-0053)
Last modified: 2013-01-21 15:56:10 EST
A security flaw was found in the way file serving functionality of Moodle course management system enforced file access restrictions on blog post(s). A remote attacker could use this flaw to deliver files embedded as part of a blog without the publication state to be checked properly.
This issue affects the version of the moodle package, as shipped with Fedora release of 17. Please schedule an update.
This issue did NOT affect the versions of the moodle package, as shipped with Fedora release of 16, Fedora EPEL 6 and Fedora EPEL 5.
Update in progress, not linked to any BZ, none assigned to me.
Created moodle tracking bugs for this issue
Affects: fedora-17 [bug 857981]