Boletines de Vulnerabilidades

MSA-23-0021: Some block permissions on Dashboard not respected

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. Permission overrides on individual blocks in the system dashboard did not cascade to user dashboards.Severity/Risk:MinorVersions affected:4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versionsVersions fixed:4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23Reported by:Bas HarkinkCVE identifier:CVE-2023-40318Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78340Tracker

More info:

https://moodle.org/mod/forum/discuss.php?d=449642&parent=1807044

Identificadores estándar
Propiedad Valor
CVE CVE-2023-40318.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2023-08-22

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT