Upcoming Security Fix for edx-platform on 2024-05-17

dave · May 15, 2024, 12:48am

A security patch for openedx/edx-platform will be added to the Quince release, the Redwood release candidate branch, and to the current github master branch around 2024-05-17T14:00:00Z.

It will fix one security defect with a “high” CVSS 3.1 severity rating .

Details will be published here after release: GitHub security advisory .

dave · May 17, 2024, 2:26pm

The security fix has been published.

Advisory: Privilege re-escalation in Studio after staff access removed · Advisory · openedx/edx-platform · GitHub

Commit added to:

master: fix: prevent setting user attributes from JWT in Studio · openedx/edx-platform@4c0623b · GitHub
open-release/redwood.master: fix: prevent setting user attributes from JWT in Studio · openedx/edx-platform@2d72df0 · GitHub
open-release/quince.master: fix: prevent setting user attributes from JWT in Studio · openedx/edx-platform@3ff69fd · GitHub

Topic		Replies	Views
Security: Upcoming Security Release for edx-platform on 2024-06-17 Security	2	161	June 17, 2024
Upcoming Moderate Security Fix for edx-platform on 2024-01-12 Security	1	243	January 12, 2024
Security: Upcoming Security Release for edx-platform 2024-07-25 Security edx-platform	1	58	July 25, 2024
Security: Upcoming Security Release for edx-platform on 2023-07-25 Security	1	329	July 25, 2023
Security: Upcoming Security Release for openedx-translations 2024-08-23 Security translation	0	38	August 21, 2024

Upcoming Security Fix for edx-platform on 2024-05-17

Related topics