Boletines de Vulnerabilidades

MSA-23-0025: phpCAS library upgraded to 1.6.0 (upstream)

Información sobre el sistema
   
Software afectado PHP

Descripción
por Michael Hawkins. The phpCAS library included with Moodle has been upgraded to version 1.6.0, which includes a fix for a serious security issue.Severity/Risk:SeriousVersions affected:4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versionsVersions fixed:4.0.10, 3.11.16 and 3.9.23Reported by:Julien BoulenCVE identifier:CVE-2022-39369Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78620Tracker issue:MDL-78620 phpCAS

More info:

https://moodle.org/mod/forum/discuss.php?d=449646&parent=1807050

Identificadores estándar
Propiedad Valor
CVE CVE-2022-39369.

Histórico de versiones
Versión Comentario Fecha

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT