Security announcements

MSA-12-0022: Security conflict in Web services

 
My mug
MSA-12-0022: Security conflict in Web services
 
Topic: HTML5 apps cannot call Web services functions if an HTTP resource is retrieved from the Moodle installation
Severity: Minor
Versions affected: 2.2 to 2.2.1+, 2.1 to 2.1.4+
Reported by: Juan Leyva

Workaround:

Disable Web services

Issue no.: MDL-30495
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30495

Description:

HTML5 apps were being sent cookies which, when sent in later access requests, would cause the Web services to block them.