Security announcements

MSA-10-0004: Improved access control in course restore

 
Picture of Petr Skoda
MSA-10-0004: Improved access control in course restore
 
Topic: Improved access control in course restore
Severity/Risk: Minor
Versions affected: 1.8.x and <1.9.8
Reported by: multiple reports
Issue no.: MDL-16658, MDL-19233
Solution: upgrade to 1.9.8
Workaround: none


Description:
The restoring of courses sometimes resulted in creation of new roles - that code should be now more reliable. Please note that all the users that are allowed to restore backup files must be trustworthy.