Users' enrolment capabilities were not being sufficiently checked when they restored into an existing course, which could lead to them unenrolling users without having permission to do so.
|Versions affected:||3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions|
|Versions fixed:||3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15|
|Reported by:||Roman Sevostyanov|
|Tracker issue:||MDL-67837 Teacher is able to unenrol users without permission using course restore|