MSA-19-0012: Private files uploaded via incoming mail processing could bypass quota restrictions

by Michael Hawkins. The size of users' private file uploads via email was not correctly checked, so their quota allowance could be exceeded.
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.3, 3.5 to 3.5.5, 3.4 to 3.4.8, 3.1 to 3.1.17 and earlier unsupported versions
Versions fixed: 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18
Reported by: Guillermo Leon Alvarez Salamanca
Workaround: Disable the "Email to Private files" message handler until the fix is applied. This is disabled by default in
More info: https://moodle.org/mod/forum/discuss.php?d=386524&parent=1557998

MSA-19-0011: Open redirect in upload cohorts page

by Michael Hawkins. The form to upload cohorts contained a redirect field which was not restricted to internal URLs.
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.3, 3.5 to 3.5.5, 3.4 to 3.4.8, 3.1 to 3.1.17 and earlier unsupported versions
Versions fixed: 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18
Reported by: Lindon Wass
CVE identifier: CVE-2019-10133
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64708
Tracker issue: MDL-64708 Open redirect in upload
More info: https://moodle.org/mod/forum/discuss.php?d=386523&parent=1557997
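The defect in MSA-19-0011 is a redirect parameter accepted without an origin check. As an added example, not Moodle's own code and not the MDL-64708 fix, the PHP function below accepts a redirect target only when it is site-relative or sits under the configured site root; the function name and the `$wwwroot` parameter are assumptions.

```php
<?php
// Added example: decide whether a user-supplied return URL may be used as a
// redirect target. Accepts site-relative paths and absolute URLs whose
// scheme, host, port and path prefix match $wwwroot (assumed to be the
// configured site root, e.g. https://moodle.example.org/moodle).
function is_local_redirect_target(string $url, string $wwwroot): bool {
    $url = trim($url);
    if ($url === '') {
        return false;
    }
    // Scheme-relative "//host" and "/\host" are resolved by browsers to an
    // external origin, so reject anything starting with two slash-like chars.
    if (preg_match('#^[/\\\\]{2}#', $url)) {
        return false;
    }
    // A single leading "/" is a path on this site.
    if ($url[0] === '/') {
        return true;
    }
    $parts = parse_url($url);
    $root  = parse_url($wwwroot);
    if ($parts === false || $root === false) {
        return false;
    }
    if (!isset($parts['scheme'], $parts['host'])) {
        // Relative reference such as "user/files.php": allow it only if it
        // carries no scheme at all (rejects "javascript:..." and "http:evil").
        return !preg_match('#^[a-z][a-z0-9+.-]*:#i', $url)
            && strpos($url, '\\') === false;
    }
    // Absolute URL: every origin component must match the site root, and the
    // path must stay beneath the site root's path.
    return strtolower($parts['scheme']) === strtolower($root['scheme'] ?? '')
        && strtolower($parts['host']) === strtolower($root['host'] ?? '')
        && ($parts['port'] ?? null) === ($root['port'] ?? null)
        && strpos($parts['path'] ?? '/', $root['path'] ?? '/') === 0;
}

// Constructed inputs against an assumed site root.
$root = 'https://moodle.example.org';
var_dump(is_local_redirect_target('/cohort/index.php', $root));            // true
var_dump(is_local_redirect_target('https://moodle.example.org/x', $root)); // true
var_dump(is_local_redirect_target('//attacker.example/', $root));          // false
var_dump(is_local_redirect_target('https://attacker.example/', $root));    // false
var_dump(is_local_redirect_target('javascript:alert(1)', $root));          // false
```

Inside Moodle itself the idiomatic equivalent is to read the parameter with `PARAM_LOCALURL`, which discards values that do not point at the local site.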

MSA-19-0010: All messaging conversations could be viewed

by Michael Hawkins. A web service fetching messages was not restricted to the current user's conversations.
Severity/Risk: Serious
Versions affected: 3.6 to 3.6.3
Versions fixed: 3.7, 3.6.4
Reported by: Mazen Gamal
Workaround: Disable the messaging system until the fix is applied.
CVE identifier: CVE-2019-10132
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-65365
Tracker issue: MDL-65365 All messaging conversations could be viewed
More info: https://moodle.org/mod/forum/discuss.php?d=386521&parent=1557995