Boletines de Vulnerabilidades

MSA-18-0010: User can shift a block from Dashboard to any page

Información sobre el sistema
   
Software afectado PHP

Descripción
di Marina Glancy. Authenticated user are allowed to add HTML blocks containing scripts to their Dashboard and this is normally not a security issue because personal dashboard is visible to this user only. Through this security vulnerability users can move such block to other pages where they can be viewed by other users.Severity/Risk:SeriousVersions affected:3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versionsVersions fixed:3.5, 3.4.3, 3.3.6, 3.2.9 and

More info:

https://moodle.org/mod/forum/discuss.php?d=371202&parent=1496356

Identificadores estándar
Propiedad Valor
CVE CVE-2018-1136.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2018-11-16

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT