Vulnerability Bulletins

MSA-19-0001: Manage groups capability is missing XSS risk flag


System information

Affected software: PHP

Description

by Michael Hawkins.

The manage groups capability did not have the XSS risk flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.

Severity/Risk: Minor
Versions affected: 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions
Versions fixed: 3.6.2, 3.5.4, 3.4.7 and 3.1.16
Reported by: Fariskhi Vidyan
CVE identifier: CVE-2019-3808
Changes:

More info:

https://moodle.org/mod/forum/discuss.php?d=381228&parent=1536765

Standard identifiers

Property Value
CVE CVE-2019-3808

Version history

Version Comment Date
1.0 Advisory issued 2019-03-20
