Security announcements

MSA-17-0010: External blog editing takeover

 
Picture of Marina Glancy
MSA-17-0010: External blog editing takeover
 

User could edit somebody else's external blog link. The ownership of the blog would be changed to the current user, therefore compromising other people was not possible


Severity/Risk: Minor
Versions affected: 3.2 to 3.2.2, 3.1 to 3.1.5, 3.0 to 3.0.9, 2.7 to 2.7.19 and other unsupported versions
Versions fixed: 3.2.3, 3.1.6, 3.0.10 and 2.7.20
Reported by: Vuk Ivanovic
CVE identifier: CVE-2017-7489
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58635
Tracker issue: MDL-58635 External blog editing takeover