MSA-08-0023: CSRF in messaging setting

by Petr Skoda

Topic: Cross Site Request Forgery (CSRF) in messaging setting
Severity: Major
Versions affected: < 1.6.8, < 1.7.6, < 1.8.7, < 1.9.3
Reported by: internal code review
Issue no.: MDL-16688
Solution: update to latest releases

Description:

The messaging settings page was exposed to a CSRF vulnerability because it wasn't protected by the sesskey mechanism.
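
A session-key check of the kind the description refers to, as an added example (not Moodle's code and not the actual fix). The function names, the preference names and the `$session` array standing in for server-side session storage are assumptions made for illustration.

```php
<?php
// Added illustration; not Moodle source. All names here are hypothetical.

/** Return the per-session key, creating it on first use. */
function session_key(array &$session): string {
    if (empty($session['sesskey'])) {
        $session['sesskey'] = bin2hex(random_bytes(16));
    }
    return $session['sesskey'];
}

/** True only if the submitted key matches the one bound to this session. */
function key_is_valid(array &$session, $submitted): bool {
    return is_string($submitted)
        && hash_equals(session_key($session), $submitted);
}

/**
 * Handle a messaging-settings POST. Settings change only when the request
 * carries the session's key, which a page on another origin cannot read.
 */
function save_messaging_settings(array &$session, array $post, array $prefs): array {
    if (!key_is_valid($session, $post['sesskey'] ?? null)) {
        throw new RuntimeException('Invalid or missing sesskey; request rejected');
    }
    // Hypothetical preference names, constructed for this example.
    foreach (['notify_by_email', 'block_non_contacts'] as $name) {
        $prefs[$name] = !empty($post[$name]) ? 1 : 0;
    }
    return $prefs;
}

// Constructed demo: a form submission that carries the key, then one without it.
$session = [];
$prefs   = ['notify_by_email' => 1, 'block_non_contacts' => 1];

$legit = ['sesskey' => session_key($session), 'block_non_contacts' => '1'];
$prefs = save_messaging_settings($session, $legit, $prefs);
echo "with key: ", json_encode($prefs), "\n";

// A cross-site submission rides on the session cookie but lacks the key.
$forged = ['notify_by_email' => '1'];
try {
    save_messaging_settings($session, $forged, $prefs);
} catch (RuntimeException $e) {
    echo "without key: ", $e->getMessage(), "\n";
}
```

The key has to be checked on every state-changing request, and the form that renders the settings page must embed the same value as a hidden field.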