MSA-19-0014: Ability to delete glossary entries that belong to another glossary

by Michael Hawkins.  

Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.


...
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Peter Dias
CVE identifier: CVE-2019

MSA-19-0013: Missing sesskey (CSRF) token in loading/unloading XML files

by Michael Hawkins.  

A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.


...
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Callum Carney
CVE identifier: CVE-2019-10186
Changes (master): http://git.moodle.org/gw?p=mo

MSA-19-0012: Private files uploaded via incoming mail processing could bypass quota restrictions

by Michael Hawkins.  

The size of users' private file uploads via email was not correctly checked, so their quota allowance could be exceeded.


...
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.3, 3.5 to 3.5.5, 3.4 to 3.4.8, 3.1 to 3.1.17 and earlier unsupported versions
Versions fixed: 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18
Reported by: Guillermo Leon