Security announcements

MSA-15-0011: Authentication in mdeploy can be bypassed

 
Picture of Marina Glancy
MSA-15-0011: Authentication in mdeploy can be bypassed
 
Description: Theoretically possible to extract files anywhere on the system where the web server has write access. Although it is quite difficult to exploit since attacking user must know details about the system and already have significant permissions on the site.
Issue summary: Authentication in mdeploy can be bypassed
Severity/Risk: Serious
Versions affected: 2.8 to 2.8.3, 2.7 to 2.7.5, 2.6 to 2.6.8 and earlier unsupported versions
Versions fixed: 2.8.4, 2.7.6 and 2.6.9
Reported by: Frédéric Massart
Issue no.: MDL-49087
Workaround: Delete the file mdeploy.php or prevent access to it in the web server config
CVE identifier: CVE-2015-2267
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087