diff --git a/general/releases/4.5/4.5.12.md b/general/releases/4.5/4.5.12.md index bc8ef9c5c..1a94d3e51 100644 --- a/general/releases/4.5/4.5.12.md +++ b/general/releases/4.5/4.5.12.md @@ -36,4 +36,24 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation'; ## Security fixes {/* #security-fixes */} -A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. +{/* */} + +- [MSA-26-0012](https://moodle.org/mod/forum/discuss.php?d=481810) - Arbitrary file read risk in Database activity module +- [MSA-26-0013](https://moodle.org/mod/forum/discuss.php?d=481811) - Email-based MFA bypass +- [MSA-26-0014](https://moodle.org/mod/forum/discuss.php?d=481812) - Arbitrary file read risk in backup restore +- [MSA-26-0015](https://moodle.org/mod/forum/discuss.php?d=481813) - RCE risk via admin presets import +- [MSA-26-0016](https://moodle.org/mod/forum/discuss.php?d=481814) - Missing group access checks in grade web services +- [MSA-26-0017](https://moodle.org/mod/forum/discuss.php?d=481817) - IDOR allows arbitrary comment deletion +- [MSA-26-0018](https://moodle.org/mod/forum/discuss.php?d=481818) - CSRF risk in user homepage preference setting +- [MSA-26-0019](https://moodle.org/mod/forum/discuss.php?d=481819) - CSRF risk in user profile page reset +- [MSA-26-0020](https://moodle.org/mod/forum/discuss.php?d=481820) - Reflected XSS via Feedback import error message +- [MSA-26-0021](https://moodle.org/mod/forum/discuss.php?d=481821) - CSRF and XSS in grade item idnumber editing +- [MSA-26-0022](https://moodle.org/mod/forum/discuss.php?d=481823) - CSRF risk in group messaging state toggle +- [MSA-26-0023](https://moodle.org/mod/forum/discuss.php?d=481824) - CSRF risk when adding quiz section headings +- [MSA-26-0024](https://moodle.org/mod/forum/discuss.php?d=481825) - Missing capability checks in AI placement web services +- [MSA-26-0025](https://moodle.org/mod/forum/discuss.php?d=481826) - CSRF risk in quiz attempt regrading +- [MSA-26-0026](https://moodle.org/mod/forum/discuss.php?d=481827) - Missing capability check in Assignment marker allocation +- [MSA-26-0027](https://moodle.org/mod/forum/discuss.php?d=481829) - Blind SSRF risk in MNet peers function +- [MSA-26-0028](https://moodle.org/mod/forum/discuss.php?d=481830) - DoS risk via user profile description +- [MSA-26-0029](https://moodle.org/mod/forum/discuss.php?d=481831) - Missing capability checks in report builder fragment callbacks +{/* */} diff --git a/general/releases/5.0/5.0.8.md b/general/releases/5.0/5.0.8.md index 42deeed95..415f3a329 100644 --- a/general/releases/5.0/5.0.8.md +++ b/general/releases/5.0/5.0.8.md @@ -29,4 +29,24 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation'; ## Security fixes {/* #security-fixes */} -A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. +{/* */} + +- [MSA-26-0012](https://moodle.org/mod/forum/discuss.php?d=481810) - Arbitrary file read risk in Database activity module +- [MSA-26-0013](https://moodle.org/mod/forum/discuss.php?d=481811) - Email-based MFA bypass +- [MSA-26-0014](https://moodle.org/mod/forum/discuss.php?d=481812) - Arbitrary file read risk in backup restore +- [MSA-26-0015](https://moodle.org/mod/forum/discuss.php?d=481813) - RCE risk via admin presets import +- [MSA-26-0016](https://moodle.org/mod/forum/discuss.php?d=481814) - Missing group access checks in grade web services +- [MSA-26-0017](https://moodle.org/mod/forum/discuss.php?d=481817) - IDOR allows arbitrary comment deletion +- [MSA-26-0018](https://moodle.org/mod/forum/discuss.php?d=481818) - CSRF risk in user homepage preference setting +- [MSA-26-0019](https://moodle.org/mod/forum/discuss.php?d=481819) - CSRF risk in user profile page reset +- [MSA-26-0020](https://moodle.org/mod/forum/discuss.php?d=481820) - Reflected XSS via Feedback import error message +- [MSA-26-0021](https://moodle.org/mod/forum/discuss.php?d=481821) - CSRF and XSS in grade item idnumber editing +- [MSA-26-0022](https://moodle.org/mod/forum/discuss.php?d=481823) - CSRF risk in group messaging state toggle +- [MSA-26-0023](https://moodle.org/mod/forum/discuss.php?d=481824) - CSRF risk when adding quiz section headings +- [MSA-26-0024](https://moodle.org/mod/forum/discuss.php?d=481825) - Missing capability checks in AI placement web services +- [MSA-26-0025](https://moodle.org/mod/forum/discuss.php?d=481826) - CSRF risk in quiz attempt regrading +- [MSA-26-0026](https://moodle.org/mod/forum/discuss.php?d=481827) - Missing capability check in Assignment marker allocation +- [MSA-26-0027](https://moodle.org/mod/forum/discuss.php?d=481829) - Blind SSRF risk in MNet peers function +- [MSA-26-0028](https://moodle.org/mod/forum/discuss.php?d=481830) - DoS risk via user profile description +- [MSA-26-0029](https://moodle.org/mod/forum/discuss.php?d=481831) - Missing capability checks in report builder fragment callbacks +{/* */} diff --git a/general/releases/5.1/5.1.5.md b/general/releases/5.1/5.1.5.md index c259ce48a..087e7cf67 100644 --- a/general/releases/5.1/5.1.5.md +++ b/general/releases/5.1/5.1.5.md @@ -77,4 +77,24 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation'; ## Security fixes {/* #security-fixes */} -A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. +{/* */} + +- [MSA-26-0012](https://moodle.org/mod/forum/discuss.php?d=481810) - Arbitrary file read risk in Database activity module +- [MSA-26-0013](https://moodle.org/mod/forum/discuss.php?d=481811) - Email-based MFA bypass +- [MSA-26-0014](https://moodle.org/mod/forum/discuss.php?d=481812) - Arbitrary file read risk in backup restore +- [MSA-26-0015](https://moodle.org/mod/forum/discuss.php?d=481813) - RCE risk via admin presets import +- [MSA-26-0016](https://moodle.org/mod/forum/discuss.php?d=481814) - Missing group access checks in grade web services +- [MSA-26-0017](https://moodle.org/mod/forum/discuss.php?d=481817) - IDOR allows arbitrary comment deletion +- [MSA-26-0018](https://moodle.org/mod/forum/discuss.php?d=481818) - CSRF risk in user homepage preference setting +- [MSA-26-0019](https://moodle.org/mod/forum/discuss.php?d=481819) - CSRF risk in user profile page reset +- [MSA-26-0020](https://moodle.org/mod/forum/discuss.php?d=481820) - Reflected XSS via Feedback import error message +- [MSA-26-0021](https://moodle.org/mod/forum/discuss.php?d=481821) - CSRF and XSS in grade item idnumber editing +- [MSA-26-0022](https://moodle.org/mod/forum/discuss.php?d=481823) - CSRF risk in group messaging state toggle +- [MSA-26-0023](https://moodle.org/mod/forum/discuss.php?d=481824) - CSRF risk when adding quiz section headings +- [MSA-26-0024](https://moodle.org/mod/forum/discuss.php?d=481825) - Missing capability checks in AI placement web services +- [MSA-26-0025](https://moodle.org/mod/forum/discuss.php?d=481826) - CSRF risk in quiz attempt regrading +- [MSA-26-0026](https://moodle.org/mod/forum/discuss.php?d=481827) - Missing capability check in Assignment marker allocation +- [MSA-26-0027](https://moodle.org/mod/forum/discuss.php?d=481829) - Blind SSRF risk in MNet peers function +- [MSA-26-0028](https://moodle.org/mod/forum/discuss.php?d=481830) - DoS risk via user profile description +- [MSA-26-0029](https://moodle.org/mod/forum/discuss.php?d=481831) - Missing capability checks in report builder fragment callbacks +{/* */} diff --git a/general/releases/5.2/5.2.1.md b/general/releases/5.2/5.2.1.md index 896183ebc..4f54b97e0 100644 --- a/general/releases/5.2/5.2.1.md +++ b/general/releases/5.2/5.2.1.md @@ -78,4 +78,24 @@ import { ReleaseNoteIntro } from '@site/src/components/ReleaseInformation'; ## Security fixes {/* #security-fixes */} -A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version. +{/* */} + +- [MSA-26-0012](https://moodle.org/mod/forum/discuss.php?d=481810) - Arbitrary file read risk in Database activity module +- [MSA-26-0013](https://moodle.org/mod/forum/discuss.php?d=481811) - Email-based MFA bypass +- [MSA-26-0014](https://moodle.org/mod/forum/discuss.php?d=481812) - Arbitrary file read risk in backup restore +- [MSA-26-0015](https://moodle.org/mod/forum/discuss.php?d=481813) - RCE risk via admin presets import +- [MSA-26-0016](https://moodle.org/mod/forum/discuss.php?d=481814) - Missing group access checks in grade web services +- [MSA-26-0017](https://moodle.org/mod/forum/discuss.php?d=481817) - IDOR allows arbitrary comment deletion +- [MSA-26-0018](https://moodle.org/mod/forum/discuss.php?d=481818) - CSRF risk in user homepage preference setting +- [MSA-26-0019](https://moodle.org/mod/forum/discuss.php?d=481819) - CSRF risk in user profile page reset +- [MSA-26-0020](https://moodle.org/mod/forum/discuss.php?d=481820) - Reflected XSS via Feedback import error message +- [MSA-26-0021](https://moodle.org/mod/forum/discuss.php?d=481821) - CSRF and XSS in grade item idnumber editing +- [MSA-26-0022](https://moodle.org/mod/forum/discuss.php?d=481823) - CSRF risk in group messaging state toggle +- [MSA-26-0023](https://moodle.org/mod/forum/discuss.php?d=481824) - CSRF risk when adding quiz section headings +- [MSA-26-0024](https://moodle.org/mod/forum/discuss.php?d=481825) - Missing capability checks in AI placement web services +- [MSA-26-0025](https://moodle.org/mod/forum/discuss.php?d=481826) - CSRF risk in quiz attempt regrading +- [MSA-26-0026](https://moodle.org/mod/forum/discuss.php?d=481827) - Missing capability check in Assignment marker allocation +- [MSA-26-0027](https://moodle.org/mod/forum/discuss.php?d=481829) - Blind SSRF risk in MNet peers function +- [MSA-26-0028](https://moodle.org/mod/forum/discuss.php?d=481830) - DoS risk via user profile description +- [MSA-26-0029](https://moodle.org/mod/forum/discuss.php?d=481831) - Missing capability checks in report builder fragment callbacks +{/* */}