In Moodle 3.x, course creators are able to change system default settings for courses. Insufficient permission check in "Site administration" tree allows users who have permission to access one page in the tree to change other settings. Reference: https://moodle.org/mod/forum/discuss.php?d=355556
Created moodle tracking bugs for this issue: Affects: epel-all [bug 1472242] Affects: fedora-all [bug 1472243]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.