  1. Plugins
  2. CONTRIB-7971

Possible CSRF vulnerability in BBB ajax intermediate script


Details

    • MOODLE_38_STABLE

    Description

      I couldn't find where BBB performs sesskey checking in bbb_ajax.php, which it appears to use as a custom endpoint for AJAX interactions - this could allow actions to be performed by a user without their knowledge.

      Solution: implement user sesskey checks, or re-factor to use AJAX webservices
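
      One way the suggested sesskey check could sit in a custom Moodle AJAX script, as an added example that is not the plugin's bbb_ajax.php or its fix. The module name `example`, its `closed` column, the `close` action and the capability name are hypothetical; the functions called are Moodle core.

```php
<?php
// Added example: hypothetical endpoint mod/example/ajax.php (not bbb_ajax.php).
define('AJAX_SCRIPT', true);   // Failures are returned as JSON errors, not HTML pages.
require(__DIR__ . '/../../config.php');

$action = required_param('action', PARAM_ALPHAEXT);
$cmid   = required_param('id', PARAM_INT);

// Resolve the activity instance the request claims to act on.
list($course, $cm) = get_course_and_cm_from_cmid($cmid, 'example');

// 1. The caller must be logged in and allowed to access this activity.
require_login($course, false, $cm);

// 2. The request must carry the current session's sesskey. A request forged
//    from another site rides on the victim's session cookie but cannot read
//    this value, so it is rejected here, before any state changes.
require_sesskey();

// 3. A genuine request still has to be authorised for the specific action.
$context = context_module::instance($cm->id);

switch ($action) {
    case 'close':   // hypothetical state-changing action
        require_capability('mod/example:manage', $context);   // hypothetical capability
        $DB->set_field('example', 'closed', 1, ['id' => $cm->instance]);
        $result = ['status' => true];
        break;

    default:
        throw new invalid_parameter_exception('Unknown action: ' . $action);
}

echo json_encode($result);
```

      The calling JavaScript has to send the token with every request, for example as a `sesskey` parameter taken from `M.cfg.sesskey`.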


          People

            jfederico Jesus Federico
            pholden Paul Holden
            Jesus Federico