Boletines de Vulnerabilidades

MSA-23-0003: Possible to set the preferred "start page" of other users

Información sobre el sistema
   
Software afectado PHP

Descripción
by Michael Hawkins. Insufficient limitations on the "start page" preference made it possible to set that preference for another user. (Note: This was still limited to the pre-defined start page options)Severity/Risk:MinorVersions affected:4.1, 4.0 to 4.0.5, 3.11 to 3.11.11, 3.9 to 3.9.18 and earlier unsupported versionsVersions fixed:4.1.1, 4.0.6, 3.11.12 and 3.9.19Reported by:Paul HoldenCVE identifier:CVE-2023-23923Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=443274&parent=1782023

Identificadores estándar
Propiedad Valor
CVE CVE-2023-23923.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2023-01-29

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT