Moderately Critical Access Bypass Vulnerability in Opigno Learning path
On March 9th, 2022, the Drupal Security Team announced a moderately critical access bypass vulnerability in Opigno Learning path (SA-CONTRIB-2022-029). The security risk is rated moderately critical, 13∕25: AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All.
This module is used as part of the Opigno LMS distribution and implements learning paths for the LMS. The module exposed too much information about users, such as the list of groups a uid is in. The vulnerability was reported by Aaron Bauman of Message Agency.
Solution:
Install the latest version: if you use the opigno_learning_path module for Drupal 9.x, upgrade to Opigno_learning_path 3.0.1. The vulnerability was fixed by Aaron Bauman and James Aparicio of Connect-i (the supporting organization for this module).
More About the Opigno Learning path
The module implements the learning path, which combines the different steps of training in Opigno LMS in a very flexible way. These steps can be online modules, group assessments, live sessions, in-house sessions (or ILT, instructor-led training), videos, etc.
A graphical interface makes it very easy to build and maintain learning paths with clicks and drag-and-drop actions. 951 sites currently report using this module. The module is compatible with Drupal 9.