Vulnerability Bulletins

MSA-23-0003: Possible to set the preferred "start page" of other users


System information

   
Affected software PHP

Description

by Michael Hawkins. Insufficient limitations on the "start page" preference made it possible to set that preference for another user. (Note: This was still limited to the pre-defined start page options)Severity/Risk:MinorVersions affected:4.1, 4.0 to 4.0.5, 3.11 to 3.11.11, 3.9 to 3.9.18 and earlier unsupported versionsVersions fixed:4.1.1, 4.0.6, 3.11.12 and 3.9.19Reported by:Paul HoldenCVE identifier:PendingChanges

More info:

https://moodle.org/mod/forum/discuss.php?d=443274&parent=1782023

Standar resources

Property Value
CVE

Version history

Version Comments Date
1.0 Advisory issued 2023-01-25
Ministerio de Defensa
CNI
CCN
CCN-CERT