Opigno Learning path - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-018

Project: Opigno Learning pathDate: 2021-June-23Security risk: Less critical 9∕25 AC:Complex/A:None/CI:None/II:None/E:Theoretical/TD:AllVulnerability: UI redressing (clickjacking)Description: This project is related to Opigno LMS distribution. It implements the learning path, that combines together in a very flexible way the differents steps of a training in Opigno LMS.
The module does not set X-Frame-Options and blocks ability of other modules (e.g Security Kit) to add them, leaving it vulnerable to Clickjacking.Solution: Install the latest version:

The issue was fixed in public but needed a security advisory. Users of the module are encouraged to upgrade to at least 8.x-1.11 or a later version to gain protection against this weakness.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2021-018