Alert*

CVE-2024-25978: Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.

CVE-2024-25979: The URL parameters accepted by forum search were not limited to the allowed parameters.

CVE-2024-25980: Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.

CVE-2024-25981: Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.

CVE-2024-25982: The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

CVE-2024-25983: Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).