MSA-19-0025: Add additional verification for some OAuth 2 logins to prevent account compromise
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
von Michael Hawkins. OAuth 2 providers who do not verify users email address changes require additional verification during sign-up to reduce the risk of account compromise.Severity/Risk:SeriousVersions affected:3.7 to 3.7.2, 3.6 to 3.6.6, 3.5 to 3.5.8 and earlier unsupported versionsVersions fixed:3.7.3, 3.6.7 and 3.5.9Reported by:CeDiS TeamWorkaround:Disable login via OAuth 2 providers that may be affected, until the patch is applied.CVE identifier:CVE-2019-14880Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=393583&parent=1586744 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2019-14880. |