Boletines de Vulnerabilidades

MSA-22-0027: Quiz sequential navigation bypass using web services

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. Insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.Severity/Risk:MinorVersions affected:4.0 to 4.0.2, 3.11 to 3.11.8, 3.9 to 3.9.15 and earlier unsupported versionsVersions fixed:4.0.3, 3.11.9 and 3.9.16Reported by:omaralbalouliCVE identifier:CVE-2022-40208Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75210Tracker issue:MDL-75210 Quiz

More info:

https://moodle.org/mod/forum/discuss.php?d=438761&parent=1766080

Identificadores estándar
Propiedad Valor
CVE CVE-2022-40208.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2022-09-28

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT