MSA-17-0012: CSRF in number of courses displayed in the course overview block

由“Marina Glancy”.  

The link changing user preference of how many courses to see in their course overview block was not protected against CSRF. This represents a minor security issue since it can't be exploited for anybody's benefit, only to create confusions

Versions affected:3.2 to 3.2.2, 3.1 to 3.1.5, 3.0 to 3.0.9, 2.7 to 2.7.19 and other unsupported versions
Versions fixed:3.2.3, 3.1.6, 3.0.10 and 2.7.20
Reported by:Lukas Schmidt
CVE identifier:CVE-2017-7491
Changes (master):
Tracker issue:MDL-58740 CSRF on my/index.php

Read more