Boletines de Vulnerabilidades

MSA-23-0012: Course participation report shows roles the user should not see

Información sobre el sistema
   
Software afectado PHP

Descripción
par Michael Hawkins. The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.Severity/Risk:MinorVersions affected:4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versionsVersions fixed:4.1.2, 4.0.7, 3.11.13 and 3.9.20Reported by:Chris PrattCVE identifier:CVE-2023-1402Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75517Tracker

More info:

https://moodle.org/mod/forum/discuss.php?d=445069&parent=1788902

Identificadores estándar
Propiedad Valor
CVE CVE-2023-1402.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2023-06-22

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT