Vulnerability Bulletins

MSA-20-0019: tool_uploadcourse creates new enrol instances unexpectedly in some circumstances


System information

Affected software: PHP

Description

by Michael Hawkins.

If the upload course tool was used to delete an enrolment method which did not exist or was not already enabled, the tool would erroneously enable that enrolment method. This could lead to unintended users gaining access to the course.

Severity/Risk: Minor
Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8 and 3.5 to 3.5.14 and earlier unsupported versions
Versions fixed: 3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15
Reported by: Víctor Déniz

More info:

https://moodle.org/mod/forum/discuss.php?d=413939&parent=1668774

Standard identifiers

Property  Value
CVE       CVE-2020-25701

Version history

Version  Comment          Date
1.0      Advisory issued  2020-11-17
CCN-CERT