Day: 21 julio, 2020

Publicado el

Lodash library vulnerability CVE-2019-10744

Lodash library vulnerability CVE-2019-10744 Security Advisory Security Advisory Description Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep ... More info: https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
Publicado el

MSA-20-0007: Vulnerable JavaScript libraries: jQuery 1.9.1 (upstream)

by Michael Hawkins. The JQuery version used by the H5P library contained a prototype pollution risk, which has now been updated to a patched version.Severity/Risk:MinorVersions affected:3.8 to 3.8.3Versions fixed:3.8.4 and 3.9Reported by:weblendwebCVE identifier:CVE-2019-11358Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68704Tracker issue:MDL-68704 Vulnerable JavaScript libraries: jQuery 1.9.1 (upstream) More info: https://moodle.org/mod/forum/discuss.php?d=407391&parent=1644266
Publicado el

MSA-20-0008: Reflected XSS in admin task logs filter

by Michael Hawkins. The filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.Severity/Risk:SeriousVersions affected:3.9, 3.8 to 3.8.3 and 3.7 to 3.7.6Versions fixed:3.9.1, 3.8.4 and 3.7.7Reported by:Spyridon ChatzimichailCVE identifier:CVE-2020-14320Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69128Tracker issue:MDL-69128 Reflected XSS in admin task logs filter More info: https://moodle.org/mod/forum/discuss.php?d=407392&parent=1644267
Publicado el

MSA-20-0009: Course enrolments allowed privilege escalation from teacher role into manager role

by Michael Hawkins. Teachers of a course were able to assign themselves the manager role within that course.Severity/Risk:SeriousVersions affected:3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versionsVersions fixed:3.9.1, 3.8.4, 3.7.7 and 3.5.13Reported by:Kien HoangCVE identifier:CVE-2020-14321Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69093Tracker issue:MDL-69093 Course enrolments allowed privilege More info: https://moodle.org/mod/forum/discuss.php?d=407393&parent=1644268
Publicado el

MSA-20-0010: yui_combo should mitigate denial of service risk

by Michael Hawkins. yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.Severity/Risk:SeriousVersions affected:3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versionsVersions fixed:3.9.1, 3.8.4, 3.7.7 and 3.5.13Reported by:Yuri ZwaigCVE identifier:CVE-2020-14322Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68426Tracker issue:MDL-68426 yui_combo should mitigate More info: https://moodle.org/mod/forum/discuss.php?d=407394&parent=1644269
Acceso Administrador
Translate »