| Topic: | Insufficient access control in glossary |
| Severity/Risk: | Major |
| Versions affected: | <1.8.11 and <1.9.7 |
| Reported by: | internal code review |
| Issue no.: | MDL-20928 |
| Solution: | upgrade to 1.8.11 or 1.9.7 |
| Workaround: | use new mod/glossary/showentry.php |
Description:
We have discovered that insufficient access control may allow unauthorised users to view glossary entries.