MSA-19-0008: Secure layout contained an insecure link in Boost theme

by Michael Hawkins.  

There was a link to site home within the Boost theme's secure layout, meaning students could navigate out of the page.


...
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.2 and 3.5 to 3.5.4
Versions fixed: 3.6.3 and 3.5.5
Reported by: Martin von Löwis and Luca Bösch
CVE identifier: CVE-2019-3851
Changes (master): http://git.moodle.

MSA-19-0007: Stored HTML in assignment submission comments allowed links to be opened directly

by Michael Hawkins.  

Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.


...
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.2, 3.5 to 3.5.4, 3.4 to 3.4.7, 3.1 to