Boletines de Vulnerabilidades

MSA-22-0012: Global search results reveal authors of content unexpectedly for some activities

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. Global search results could include author information on some activities where a user may not otherwise have access to it.Severity/Risk:MinorVersions affected:4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versionsVersions fixed:4.0.1, 3.11.7, 3.10.11 and 3.9.14Reported by:CatalinaCVE identifier:CVE-2022-30598Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623Tracker issue:MDL-71623 Global

More info:

https://moodle.org/mod/forum/discuss.php?d=434580&parent=1748724

Identificadores estándar
Propiedad Valor
CVE CVE-2022-30598.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2022-05-18

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT