MSA-18-0010: User can shift a block from Dashboard to any page
System information
Affected software | PHP
Description
by Marina Glancy. Authenticated users are allowed to add HTML blocks containing scripts to their Dashboard, and this is normally not a security issue because the personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where it can be viewed by other users.
Severity/Risk: Serious
Versions affected: 3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed: 3.5, 3.4.3, 3.3.6, 3.2.9 and
More info:
https://moodle.org/mod/forum/discuss.php?d=371202&parent=1496356
Standard identifiers
Property | Value
CVE | CVE-2018-1136