Security-Blog

The security group reports on resolved security vulnerabilities in ILIAS

ILIAS 8.22

Tokar, David [tokard], Wolf, Fabian [fwolf] - 8. Jul 2025, 15:30

The following 5 security issues have been resolved:

0044299: [Weblink] Weblink: Missing permission checks
0044435: [Exercise] Exercise: Unauthorized access
0044469: [Glossary] Glossary: Missing RBAC checks
0044536: [Session (Course & Group)] Session: Missing RBAC checks
0045164: [Media Pools and Media Objects] Media Pool: DoS through infinite loop

Affected Version(s): 8.21, 9.10, 10.0 Beta3
Fixed Version(s): 8.22, 9.11, 10.0
CVSS Score 4.0: 6.3
Reported by: Ilja Lukin (Fachhochschule Dortmund)

Affected Version(s): 8.21, 9.10, 10.0 Beta3
Fixed Version(s): 8.22, 9.11, 10.0
CVSS Score 4.0: 6.3
Reported by: Michael Jansen (Databay AG)

Affected Version(s): 8.21, 9.10, 10.0 Beta3
Fixed Version(s): 8.22, 9.11, 10.0
CVSS Score 4.0: 6.3
Reported by: Michael Jansen (Databay AG)

Affected Version(s): 8.21, 9.10, 10.0 Beta3
Fixed Version(s): 8.22, 9.11, 10.0
CVSS Score 4.0: 6.3
Reported by: Michael Jansen (Databay AG)

Affected Version(s): 8.21, 9.10
Fixed Version(s): 8.22, 9.11
CVSS Score 4.0: 7.1
Reported by: Fadi Asbih (Leibniz Universität Hannover)