CVE-2011-4288 Information

Description

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

Reference

http://git.moodle.org/gw?p=moodle.git;a=commit;h=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6
http://moodle.org/mod/forum/discuss.php?d=175590
http://openwall.com/lists/oss-security/2011/11/14/1
