ID: 6452
Title: Fixed wrong sidebar snapin permission checking
Component: Multisite
Level: 1
Class: Security fix
Version: 1.6.0i1
The permission checking of sidebar snapins was not working correctly in all
previous 1.5 versions.
The specific issue was that the default permission of the sidebar snapins were
not set correctly. Especially the master control snapin (which can be used to
globally disable e.g. checking or notifications) was usable even for guest
users by default which is normally only available for administrative users.
As workaround, you could override the default permissions of the snapins to
make them only available to the intended roles.