MSA-20-0015: Chapter name in book not always escaped with forceclean enabled

von Michael Hawkins.  

It was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page.

Note: By default this functionality is only available to trusted users (such as teachers), but has been included as a security issue as a precaution, since it was not sanitized on sites with forceclean...

Leer más...

MSA-20-0014: Denial of service risk in file picker unzip functionality

von Michael Hawkins.  

The decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk.


...
Severity/Risk:Serious
Versions affected:3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions
Versions fixed:3.9.2, 3.8.5, 3.7.8 and 3.5.14
Rep
Leer más...

MSA-20-0013: Log in as capability in a course context may lead to some privilege escalation

von Michael Hawkins.  

Users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager.


...
Severity/Risk:Minor
Versions affected:3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions
Versions fixed:3.9.2,
Leer más...

MSA-20-0012: Reflected XSS in tag manager

von Michael Hawkins.  

The filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.


...
Severity/Risk:Serious
Versions affected:3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions
Versions fixed:3.9.2, 3.8.5, 3.7.8 and 3.5.14
Reported by:Luuk Verhoeven
CVE identifier:CVE-2020-25628
Chang
Leer más...