MSA-16-0007: Non-Editing Instructor role can edit exclude checkbox in Single View

MSA-16-0007: Non-Editing Instructor role can edit exclude checkbox in Single View

by Marina Glancy -
Number of replies: 0
Description: Incorrect capability check in Single View grade report could result in giving a teacher extra permission
Issue summary: Non-Editing Instructor role can edit exclude checkbox in Single View
Severity/Risk: Minor
Versions affected: 3.0 to 3.0.2, 2.9 to 2.9.4, 2.8 to 2.8.10
Versions fixed: 3.0.3, 2.9.5 and 2.8.11
Reported by: Mark McKay
Issue no.: MDL-52378
CVE identifier: CVE-2016-2155
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378