MSA-17-0015: Course creators are able to change system default settings for courses

MSA-17-0015: Course creators are able to change system default settings for courses

by Marina Glancy -
Number of replies: 0

Insufficient permission check in "Site administration" tree allows users who have permission to access one page in the tree to change other settings.


Severity/Risk: Minor
Versions affected: 3.3, 3.2 to 3.2.3, 3.1 to 3.1.6 and earlier unsupported versions
Versions fixed: 3.3.1, 3.2.4 and 3.1.7
Reported by: Thomas Jaisson
CVE identifier: CVE-2017-7532
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-59409
Tracker issue: MDL-59409 Course creators are able to change system default settings for courses