Vulnerability Bulletins

MSA-19-0028: Email media URL tokens were not checking for user status


System information

   
Affected software: PHP

Description

by Michael Hawkins.

Tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.

Severity/Risk: Minor
Versions affected: 3.7 to 3.7.2 and 3.6 to 3.6.6
Versions fixed: 3.7.3 and 3.6.7
Reported by: Juan Leyva
CVE identifier: CVE-2019-14883
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66377
Tracker

More info:

https://moodle.org/mod/forum/discuss.php?d=393586&parent=1586750

Standard identifiers

Property Value
CVE CVE-2019-14883

Version history

Version Comment Date
1.0 Advisory issued 2020-03-31

Members of

Ministerio de Defensa
CNI
CCN
CCN-CERT