MSA-22-0009: Upgrade CKEditor included in h5p-editor-php-library to latest version (upstream)

by Michael Hawkins.  

The CKEditor included in the h5p-editor-php-library within Moodle has been upgraded to the latest version, which includes security fixes.


...
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Versions fixed: 3.11.6, 3.10.10 and 3.9.13
Reported by: Sara Arjona

MSA-22-0008: Upgrade PHPMailer to latest version (upstream)

by Michael Hawkins.  

The PHPMailer library included with Moodle has been upgraded to the latest version, which includes security fixes.


...
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Versions fixed: 3.11.6, 3.10.10 and 3.9.13
Reported by: Sara Arjona (@sarjona)
CVE identifier: N/A
Ch

MSA-22-0007: Possible to reach the profile field badge criteria on a course page

by Michael Hawkins.  

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.


...
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Version

MSA-22-0006: Users with moodle/site:uploadusers but without moodle/user:delete could delete users

by Michael Hawkins.  

Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.


...
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions
Versions fixed: 3.11.6, 3.10.10 and