MSA-22-0016: Arbitrary file read when importing lesson questions

MSA-22-0016: Arbitrary file read when importing lesson questions

by Michael Hawkins. Insufficient path checks in a lesson question import resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:loknopCVE identifier:CVE-2022-35650Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=436457&parent=1756385Leer másÚltimas Vulnerabilidades

by Michael Hawkins. Insufficient path checks in a lesson question import resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:loknopCVE identifier:CVE-2022-35650Changes More info: https://moodle.org/mod/forum/discuss.php?d=436457&parent=1756385
CISO2CISO_NO_IMAGE_V2

by Michael Hawkins. Insufficient path checks in a lesson question import resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:loknopCVE identifier:CVE-2022-35650Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=436457&parent=1756385Leer másÚltimas Vulnerabilidades

Facebook
Twitter
LinkedIn
Pinterest
admin

admin

All Posts »

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Recommended Posts

Information Security Handbook for Network Beginners – NISC – National Center of Incident Readiness and Strategy for Cybsersecurity – Government of JAPAN
Information Security Handbook for Network Beginners – NISC – National Center of Incident Readiness and...
Data Breach Response
Data Breach Response
C-Level Executives Should Stay Away From These 6 Cybersecurity Myths
C-Level Executives Should Stay Away From These 6 Cybersecurity Myths
Cybersecurity in the C-suite and Boardroom by Jon Oltsik – Enterprise Strategy Group (ESG)
Cybersecurity in the C-suite and Boardroom by Jon Oltsik – Enterprise Strategy Group (ESG)
Windows 11 Security Book – Powerful security from chip to cloud – Built with zero-trust principles at the core to safeguard data and access anywhere, keeping you protected and productive.
Windows 11 Security Book – Powerful security from chip to cloud – Built with zero-trust...
SANS DFIR – CHEAT SHEETS & NOTEBOOKS – The most complete reference !!!
SANS DFIR – CHEAT SHEETS & NOTEBOOKS – The most complete reference !!!
ASPI
ASPI
A Guide to Building a Secure SDLC
A Guide to Building a Secure SDLC
The Real Cyber War – The Political Economy of Internet Freedom by Shawn Powers & Michael Jablonski
The Real Cyber War – The Political Economy of Internet Freedom by Shawn Powers &...
API Security Checklist
API Security Checklist