Boletines de Vulnerabilidades

MSA-21-0031: Messaging email notifications containing HTML may hide the final line of the email


Información sobre el sistema

   
Software afectado PHP

Descripción

by Michael Hawkins. In some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.Severity/Risk:MinorVersions affected:3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versionsVersions fixed:3.11.1, 3.10.5 and 3.9.8Reported by:i_am_nobodyCVE identifier:CVE-2021-36403Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71919Tracker issue:MDL-71919

More info:

https://moodle.org/mod/forum/discuss.php?d=424809&parent=1710828

Identificadores estándar

Propiedad Valor
CVE CVE-2021-36403.

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2021-10-02
Ministerio de Defensa
CNI
CCN
CCN-CERT