CVE-2016-8644

Name of the Vulnerable Software and Affected Versions Moodle versions 2.x through 3.x

Description The issue is related to insufficient access control in the course notes viewing capability, which is checked in the wrong context. This can potentially allow a remote attacker to elevate their privileges.

Recommendations For Moodle versions 2.x through 3.x, update to a version where the access control for course notes viewing is properly implemented in the correct context. At the moment, there is no information about a newer version that contains a fix for this vulnerability.