grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Moodle | Moodle | 1.9.1 (including) | 1.9.1 (including) |
| Moodle | Moodle | 1.9.2 (including) | 1.9.2 (including) |
| Moodle | Moodle | 1.9.3 (including) | 1.9.3 (including) |
| Moodle | Moodle | 1.9.4 (including) | 1.9.4 (including) |
| Moodle | Moodle | 1.9.5 (including) | 1.9.5 (including) |
| Moodle | Moodle | 1.9.6 (including) | 1.9.6 (including) |
| Moodle | Moodle | 1.9.7 (including) | 1.9.7 (including) |
| Moodle | Moodle | 1.9.8 (including) | 1.9.8 (including) |
| Moodle | Moodle | 1.9.9 (including) | 1.9.9 (including) |
| Moodle | Moodle | 1.9.10 (including) | 1.9.10 (including) |
| Moodle | Moodle | 1.9.11 (including) | 1.9.11 (including) |
| Moodle | Moodle | 1.9.12 (including) | 1.9.12 (including) |
| Moodle | Moodle | 1.9.13 (including) | 1.9.13 (including) |
| Moodle | Moodle | 1.9.14 (including) | 1.9.14 (including) |
| Moodle | Moodle | 1.9.15 (including) | 1.9.15 (including) |
| Moodle | Moodle | 1.9.16 (including) | 1.9.16 (including) |
| Moodle | Moodle | 1.9.17 (including) | 1.9.17 (including) |
| Moodle | Moodle | 1.9.18 (including) | 1.9.18 (including) |
| Moodle | Ubuntu | hardy | * |
| Moodle | Ubuntu | lucid | * |
| Moodle | Ubuntu | oneiric | * |
| Moodle | Ubuntu | precise | * |
| Moodle | Ubuntu | quantal | * |
| Moodle | Ubuntu | raring | * |
| Moodle | Ubuntu | upstream | * |