MSA-19-0016: Assignment group overrides did not observe separate groups mode

by Michael Hawkins.  

Teachers in an assignment group could modify group overrides for other groups in the same assignment.


...
Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:David Monllaó
CVE identifier:CVE-2019-10189
Changes (master):http://git.moo
Leer más...

MSA-19-0015: Quiz group overrides did not observe groups membership or accessallgroups

by Michael Hawkins.  

Teachers in a quiz group could modify group overrides for other groups in the same quiz.


...
Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:Charl Nel
CVE identifier:CVE-2019-10188
Changes (master):http://git.moodle.org/gw?p=mood
Leer más...

MSA-19-0014: Ability to delete glossary entries that belong to another glossary

by Michael Hawkins.  

Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.


...
Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:Peter Dias
CVE identifier:CVE-2019
Leer más...

MSA-19-0013: Missing sesskey (CSRF) token in loading/unloading XML files

by Michael Hawkins.  

A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.


...
Severity/Risk:Minor
Versions affected:3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed:3.7.1, 3.6.5 and 3.5.7
Reported by:Callum Carney
CVE identifier:CVE-2019-10186
Changes (master):http://git.moodle.org/gw?p=mo
Leer más...