MSA-17-0010: External blog editing takeover

由“Marina Glancy”.  

User could edit somebody else's external blog link. The ownership of the blog would be changed to the current user, therefore compromising other people was not possible

Versions affected:3.2 to 3.2.2, 3.1 to 3.1.5, 3.0 to 3.0.9, 2.7 to 2.7.19 and other unsupported versions
Versions fixed:3.2.3, 3.1.6, 3.0.10 and 2.7.20
Reported by:Vuk Ivanovic
CVE identifier:CVE-2017-7489
Changes (master):
Tracker issue:MDL-58635 External blog editing takeover

Read more