CVE-2014-0216 (retired)

Priority
Description
The My Home implementation in the block_html_pluginfile function in
blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x
before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file
access, which allows remote attackers to obtain sensitive information by
visiting an HTML block.
Package
Upstream:released (2.6.3-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.7.5+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.7.5+dfsg-1)
Ubuntu 19.04 (Disco Dingo):not-affected (2.7.5+dfsg-1)
Ubuntu 19.10 (Eoan):not-affected (2.7.5+dfsg-1)
More Information

Updated: 2019-08-23 08:59:58 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)