Red Hat Bugzilla – Bug 903250
CVE-2012-6098 moodle: Users without the appropriate capability were able to set a custom outcome (MSA-13-0002)
Last modified: 2015-08-22 11:37:11 EDT
A security flaw was found in the way Moodle, a course management system, performed capability checks in certain situations. Users without appropriate capability were able to set a custom outcome they had created as a standard site-wide capability when editing that outcome.
Relevant upstream patch:
This issue did NOT affect the versions of the moodle package, as shipped with Fedora release of 16, 17, 18, and Fedora EPEL 6 (moodle package versions for those releases are already updated).
This issue affects the version of the moodle package, as shipped with Fedora EPEL 5. Please schedule an update.
Created moodle tracking bugs for this issue
Affects: epel-5 [bug 903264]