it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
[IT-SecNots] [Security-news] Opigno Learning path - Moderately critical - Access bypass - SA-CONTRIB-2022-029
Chronologisch Thread
- From: security-news AT drupal.org
- To: security-news AT drupal.org
- Subject: [IT-SecNots] [Security-news] Opigno Learning path - Moderately critical - Access bypass - SA-CONTRIB-2022-029
- Date: Wed, 9 Mar 2022 18:59:42 +0000 (UTC)
- List-archive: <http://lists.drupal.org/pipermail/security-news/>
- List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2022-029
Project: Opigno Learning path [1]
Date: 2022-March-09
Security risk: *Moderately critical* 13∕25
AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Description:
This module is used as part of the Opigno LMS distribution and implements
learning paths for the LMS.
The module was providing too much user information about users such as the
list of groups a uid is in.
Solution:
Install the latest version:
* If you use the opigno_learning_path module for Drupal 9.x, upgrade to
3.0.1 opigno_learning_path 3.0.1 [3]
Reported By:
* Aaron Bauman [4]
Fixed By:
* Aaron Bauman [5]
* James Aparicio [6]
[1] https://www.drupal.org/project/opigno_learning_path
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/opigno_learning_path/releases/3.0.1
[4] https://www.drupal.org/user/384578
[5] https://www.drupal.org/user/384578
[6] https://www.drupal.org/user/2547544
_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news
- [IT-SecNots] [Security-news] Opigno Learning path - Moderately critical - Access bypass - SA-CONTRIB-2022-029, security-news, 09.03.2022
Archiv bereitgestellt durch MHonArc 2.6.24.