Boletines de Vulnerabilidades

MSA-19-0007: Stored HTML in assignment submission comments allowed links to be opened directly

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.Severity/Risk:MinorVersions affected:3.6 to 3.6.2, 3.5 to 3.5.4, 3.4 to 3.4.7, 3.1 to 3.1.16 and earlier unsupported versionsVersions fixed:3.6.3, 3.5.5, 3.4.8 and 3.1.17Reported by:Steeven GeorgeCVE identifier:CVE-2019-3850Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=384013&parent=1547745

Identificadores estándar
Propiedad Valor
CVE CVE-2019-3850.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2019-03-20

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT