Boletines de Vulnerabilidades

MSA-19-0008: Secure layout contained an insecure link in Boost theme

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. There was a link to site home within the the Boost themes secure layout, meaning students could navigate out of the page.Severity/Risk:MinorVersions affected:3.6 to 3.6.2 and 3.5 to 3.5.4Versions fixed:3.6.3 and 3.5.5Reported by:Martin von Löwis and Luca BöschCVE identifier:CVE-2019-3851Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64706Tracker issue:MDL-64706 Secure layout contained an insecure link in Boost

More info:

https://moodle.org/mod/forum/discuss.php?d=384014&parent=1547746

Identificadores estándar
Propiedad Valor
CVE CVE-2019-3851.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2019-03-20

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT