MSA-25-0011 Exploit Detection

by Natassia Stelmaszek -
Number of replies: 7

I made the updates to correct this issue.  Do any of you know how I could check to see if anyone has tried to exploit this flaw?  What to look for in the logs?  Any ideas?

Natassia

In reply to Natassia Stelmaszek

Re: MSA-25-0011 Exploit Detection

by Eduardo Kraus -
What would MSA-25-0011 be?
In reply to Eduardo Kraus

Re: MSA-25-0011 Exploit Detection

by Michael Hawkins -
Hi Eduardo,
 
In line with our Security Procedures, information about security fixes is published to https://moodle.org/security/ approximately one week after release.
Average of ratings: Useful (2)
In reply to Michael Hawkins

Re: MSA-25-0011 Exploit Detection

by Natassia Stelmaszek -

It sounds like you're saying that you can't tell me how to detect a compromise without revealing how to exploit the flaw, correct?

Natassia

In reply to Natassia Stelmaszek

Re: MSA-25-0011 Exploit Detection

by Michael Hawkins -
Hi Natassia,

My previous reply was specifically addressing Eduardo's question. However, I believe you are correct: the details you are asking about would either potentially expose exploit information, or at least reveal details that are not currently published in a public forum.
In reply to Natassia Stelmaszek

Re: MSA-25-0011 Exploit Detection

by Maresa M. -

Hi Natassia, 

How did you come to know about MSA-25-0011?
I subscribe to Michael's info releases but so far nothing was released and I looked at all the version release info and couldn't find anything. Is there another spot to look up where you got the info about 0011?

Best, Maresa

In reply to Maresa M.

Re: MSA-25-0011 Exploit Detection

by Michael Hawkins -

Hi Maresa,

If you are a site administrator, you can opt in for security alerts as part of the site registration process. Sites registered for security alerts receive release and security fix information on release day, which is one week earlier than the public announcements made to https://moodle.org/security/ 

I hope that helps!

Average of ratings: Useful (1)
In reply to Michael Hawkins

Re: MSA-25-0011 Exploit Detection

by Maresa M. -
Ah, now I understand. Thank you, Michael! :)