MGASA-2016-0029
- Source
- https://advisories.mageia.org/MGASA-2016-0029.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0029.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2016-0029
- Related
- Published
- 2016-01-20T17:53:26Z
- Modified
- 2016-01-20T17:43:10Z
- Summary
- Updated moodle packages fix security vulnerability
- Details
-
In Moodle before 2.8.10, web services coreenrolgetcourseenrolmentmethods and enrolselfgetinstance_info did not check user permission to access hidden courses (CVE-2016-0724).
In Moodle before 2.8.10, search string in course management interface was not escaped when being output creating potential for XSS attack (CVE-2016-0725).
- References
-
- https://advisories.mageia.org/MGASA-2016-0029.html
- https://bugs.mageia.org/show_bug.cgi?id=17537
- https://moodle.org/mod/forum/discuss.php?d=326205
- https://moodle.org/mod/forum/discuss.php?d=326206
- https://docs.moodle.org/dev/Moodle_2.8.10_release_notes
- https://moodle.org/mod/forum/discuss.php?d=325820
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / moodle
Package
- Name
- moodle
- Purl
- pkg:rpm/mageia/moodle?arch=source&distro=mageia-5