Security Announcements

 
 
Picture of Helen Foster
MSA-09-0024: Insufficient access control in glossary
 
Topic: Insufficient access control in glossary
Severity/Risk: Major
Versions affected: <1.8.11 and <1.9.7
Reported by: internal code review
Issue no.: MDL-20928
Solution: upgrade to 1.8.11 or 1.9.7
Workaround: use new mod/glossary/showentry.php


Description:
We have discovered that insufficient access control may allow unauthorised users to view glossary entries.