Vulnerability Bulletins

MSA-21-0018: Reflected XSS and open redirect in LTI authorization endpoint


System information

Affected software: PHP

Description

by Michael Hawkins.

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks.

Severity/Risk: Minor
Versions affected: 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions
Versions fixed: 3.11, 3.10.4, 3.9.7 and 3.8.9
Reported by: Jordan Tomkinson
CVE identifier: CVE-2021-32478
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-70622
Tracker issue: MDL-70622

More info:

https://moodle.org/mod/forum/discuss.php?d=422314&parent=1701639

Standard identifiers

Property | Value
CVE | CVE-2021-32478

Version history

Version | Comment | Date
1.0 | Advisory issued | 2021-05-18
