MSA-19-0013: Missing sesskey (CSRF) token in loading/unloading XML files

by Michael Hawkins.  

A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.


...
Severity/Risk: Minor
Versions affected: 3.7, 3.6 to 3.6.4, 3.5 to 3.5.6 and earlier unsupported versions
Versions fixed: 3.7.1, 3.6.5 and 3.5.7
Reported by: Callum Carney
CVE identifier: CVE-2019-10186
Changes (master): http://git.moodle.org/gw?p=mo

MSA-19-0012: Private files uploaded via incoming mail processing could bypass quota restrictions

by Michael Hawkins.  

The size of users' private file uploads via email was not correctly checked, so their quota allowance could be exceeded.


...
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.3, 3.5 to 3.5.5, 3.4 to 3.4.8, 3.1 to 3.1.17 and earlier unsupported versions
Versions fixed: 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18
Reported by: Guillermo Leon