MSA-20-0021: The participants table download feature did not respect the site's show user identity configuration

by Michael Hawkins.  

The participants table download always included user emails, but should have only done so when users' emails are not hidden.


...
Severity/Risk:Minor
Versions affected:3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8
Versions fixed:3.10, 3.9.3, 3.8.6 and 3.7.9
Reported by:A. Schenkel
CVE identifier:CVE-2020-25703
Changes (master):http://g
Leer más...


MSA-20-0019: tool_uploadcourse creates new enrol instances unexpectedly in some circumstances

by Michael Hawkins.  

If the upload course tool was used to delete an enrolment method which did not exist or was not already enabled, the tool would erroneously enable that enrolment method. This could lead to unintended users gaining access to the course.


...
Severity/Risk:Minor
Versions affected:3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8 and 3.5 to
Leer más...