MSA-19-0007: Stored HTML in assignment submission comments allowed links to be opened directly

by Michael Hawkins.  

Links within assignment submission comments opened directly, in the same window. Although the links themselves may be valid, opening them in the same window and without a no-referrer policy made them more susceptible to exploits.
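As an added illustration of the hardening the advisory describes (this is example code written for this page, not Moodle's own fix), the function below rewrites every anchor in a user-supplied HTML fragment so that it opens in a new window (`target="_blank"`) and sends no referrer (`rel="noopener noreferrer"`), merging with whatever `rel` tokens were already present. The parser class, function names and the sample comment are assumptions for illustration.

```python
"""Added example: normalise anchors in user-supplied HTML so each one opens
in a new window and sends no referrer. The parser, function names and the
sample input are assumptions for illustration, not Moodle's own code."""
from html import escape
from html.parser import HTMLParser

REQUIRED_REL = ("noopener", "noreferrer")


def harden_anchor_attrs(attrs):
    """Return anchor attributes with target forced to _blank and the
    required rel tokens merged in; existing attribute order is kept."""
    merged, seen = [], set()
    for name, value in attrs:
        if name in seen:          # browsers honour the first duplicate attribute
            continue
        seen.add(name)
        merged.append([name, value])
    has_rel = has_target = False
    for pair in merged:
        if pair[0] == "target":
            pair[1], has_target = "_blank", True
        elif pair[0] == "rel":
            tokens = (pair[1] or "").split()
            present = {t.lower() for t in tokens}   # rel tokens are case-insensitive
            tokens += [t for t in REQUIRED_REL if t not in present]
            pair[1], has_rel = " ".join(tokens), True
    if not has_rel:
        merged.append(["rel", " ".join(REQUIRED_REL)])
    if not has_target:
        merged.append(["target", "_blank"])
    return [tuple(p) for p in merged]


class LinkHardener(HTMLParser):
    """Re-serialises the fragment, rewriting only <a> start tags."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    @staticmethod
    def _fmt(attrs):
        parts = [n if v is None else f'{n}="{escape(v, quote=True)}"' for n, v in attrs]
        return (" " + " ".join(parts)) if parts else ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            attrs = harden_anchor_attrs(attrs)
        self.out.append(f"<{tag}{self._fmt(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.out.append(f"<{tag}{self._fmt(attrs)} />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def harden_links(fragment):
    """Rewrite all anchors in an HTML fragment and return the new markup."""
    parser = LinkHardener()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


# Constructed sample comment, not taken from a real submission.
SAMPLE_COMMENT = ('<p>See <a href="https://example.test/x?a=1&amp;b=2" rel="nofollow">here</a>'
                  ' and <a target="_self" href="https://example.test/y">there</a>.</p>')

if __name__ == "__main__":
    print(harden_links(SAMPLE_COMMENT))
```

This only sets link attributes; it is not a sanitizer, so the fragment must still pass through the normal HTML cleaning before it is stored or displayed. `noopener` is included alongside `noreferrer` because older browsers treat `noreferrer` as implying `noopener` but not every filter preserves that, and stating both is harmless.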


...
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.2, 3.5 to 3.5.4, 3.4 to 3.4.7, 3.1 to
Read more...

MSA-19-0006: Users could elevate their role when accessing the LTI tool on a provider site

by Michael Hawkins.  

Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
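The advisory does not state which field was altered, so the following added example (written for this page, not Moodle's code) shows the general rule that closes this class of bug: an LTI 1.1 launch is signed with OAuth 1.0a HMAC-SHA1 over all of its parameters, so the provider must verify that signature against the consumer's shared secret before reading `roles`, and then map only exact, known role tokens to a local role. The tool URL, consumer key, secret, role map and sample launch are constructed assumptions; the signing routine is the standard OAuth 1.0a base-string computation.

```python
"""Added example: verify an LTI 1.1 launch's OAuth 1.0a HMAC-SHA1 signature
before trusting any launch parameter, then map the signed `roles` value to a
local role by exact token match. Names, the role map, the tool URL and the
sample launch are assumptions for illustration, not Moodle's code."""
import base64
import hashlib
import hmac
from urllib.parse import quote


def _pct(value):
    # RFC 3986 percent-encoding as OAuth 1.0a requires: only A-Z a-z 0-9 - . _ ~ stay bare
    # (Python 3.7+ leaves "~" unencoded).
    return quote(str(value), safe="")


def base_string(method, url, params):
    """OAuth 1.0a signature base string: METHOD&url&sorted(key=value) pairs."""
    pairs = sorted((_pct(k), _pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join((method.upper(), _pct(url), _pct(normalized)))


def sign(method, url, params, consumer_secret, token_secret=""):
    key = f"{_pct(consumer_secret)}&{_pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify_launch(method, url, params, secrets):
    """True only if the signature matches the secret registered for the consumer key."""
    secret = secrets.get(params.get("oauth_consumer_key"))
    if secret is None or params.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    expected = sign(method, url, params, secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))


# Assumed policy: only exact, known context-role tokens map to a local role;
# anything else is ignored rather than matched by substring.
ROLE_MAP = {
    "Instructor": "teacher",
    "urn:lti:role:ims/lis/Instructor": "teacher",
    "Learner": "student",
    "urn:lti:role:ims/lis/Learner": "student",
}


def resolve_role(roles_param):
    mapped = {ROLE_MAP[t.strip()] for t in roles_param.split(",") if t.strip() in ROLE_MAP}
    for role in ("teacher", "student"):
        if role in mapped:
            return role
    return None


def launch_role(method, url, params, secrets):
    """Role to grant for this launch, or None if the request is not trusted."""
    if not verify_launch(method, url, params, secrets):
        return None
    return resolve_role(params.get("roles", ""))


# Constructed sample: a consumer with a shared secret signs a launch as a Learner.
TOOL_URL = "https://tool.example/launch"
SECRETS = {"course-platform": "constructed-shared-secret"}


def sample_launch(roles="Learner"):
    params = {
        "lti_message_type": "basic-lti-launch-request",
        "lti_version": "LTI-1p0",
        "resource_link_id": "rl-42",
        "user_id": "u-7",
        "roles": roles,
        "oauth_consumer_key": "course-platform",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1550000000",
        "oauth_nonce": "constructed-nonce-1",
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = sign("POST", TOOL_URL, params, SECRETS["course-platform"])
    return params


def tamper(params, roles):
    """What an attacker does: change roles but keep the original signature."""
    forged = dict(params)
    forged["roles"] = roles
    return forged


if __name__ == "__main__":
    print("honest launch ->", launch_role("POST", TOOL_URL, sample_launch(), SECRETS))
    print("forged roles  ->", launch_role("POST", TOOL_URL, tamper(sample_launch(), "Instructor"), SECRETS))
```

Because `roles` is part of the signed base string, editing it in transit changes the expected HMAC and the launch is rejected before any role is assigned. A production provider would additionally reject stale `oauth_timestamp` values and reused `oauth_nonce` values to stop replay of a legitimately signed launch; that check is deliberately left out here.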


...
Severity/Risk: Serious
Versions affected: 3.6 to 3.6.2, 3.5 to 3.5.4, 3.4 to 3.4.7 and earlier unsupported versions
Versions fixed: 3.6.3, 3.5.5 and 3.4.8
Reported by: Brendan Cox
CVE
Read more...


MSA-19-0004: Log in as functionality exposed to JavaScript risk on other users' Dashboards

by Michael Hawkins.  

Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but JavaScript that those other users may have added to their own Dashboard was not being escaped when the Dashboard was viewed by the user logging in on their behalf.

Please note that for versions 3.1 and 3.4 only, this...

Read more...