CVE-2012-2359 - Pleasant Linen
Description
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
Reference
http://git.moodle.org/gw?p=moodle.git;a=commit;h=0f75e1e6272db0303abc8e27362e5c3a1344b82f
http://openwall.com/lists/oss-security/2012/05/23/2