Vulnerability Bulletins

MSA-23-0028: Open redirect risk on admin view all policies page


System information

Affected software PHP

Description

by Michael Hawkins.

The admin view all policies page URL required additional sanitizing to prevent an open redirect risk.

Severity/Risk: Minor
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Darko Miletic
CVE identifier: CVE-2023-40323
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78763
Tracker

More info:

https://moodle.org/mod/forum/discuss.php?d=449649&parent=1807054

Standard identifiers

Property Value
CVE CVE-2023-40323

Version history

Version Comment Date
1.0 Advisory issued 2023-08-22
