CVE-2010-1616

Priority
Low
Description
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a
course, which allows teachers to create new accounts even if they do not
have the moodle/user:create capability.
References
Notes
kees> MSA-10-0004
kees> http://tracker.moodle.org/browse/MDL-16658
kees> http://tracker.moodle.org/browse/MDL-19233
Package
Upstream:released (1.9.8)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.9.9.dfsg2-2)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1.9.9.dfsg2-2)
Ubuntu 13.04 (Raring Ringtail):not-affected (1.9.9.dfsg2-2)
Ubuntu 13.10 (Saucy Salamander):not-affected (1.9.9.dfsg2-2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.9.9.dfsg2-2)
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:06 UTC (commit 7585)