Security announcements

MSA-26-0029: Missing capability checks in report builder fragment callbacks

by Michael Hawkins

The report builder fragment output callbacks did not verify that the requesting user had the required capability to access the requested report, potentially allowing users to retrieve report data beyond their permitted access.

Severity/Risk: Minor
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: Paul Holden
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84535
Tracker issue: MDL-84535 Missing capability checks in report builder fragment callbacks

MSA-26-0028: DoS risk via user profile description

by Michael Hawkins

User profile descriptions for authenticated users posed a denial of service risk due to the absence of a defined maximum length.

Severity/Risk: Serious
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: David Bogner
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-87898
Tracker issue: MDL-87898 DoS risk via user profile description

MSA-26-0027: Blind SSRF risk in MNet peers function

by Michael Hawkins

A blind SSRF risk was identified in the MNet peers management functionality, due to missing validation of peer hostnames against the cURL blocked hosts configuration. Note: This feature is only available to site administrators.

Severity/Risk: Minor
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: DangKhai (VPBank Security Team)
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-87911
Tracker issue: MDL-87911 Blind SSRF risk in MNet peers function

MSA-26-0026: Missing capability check in Assignment marker allocation

by Michael Hawkins

Insufficient capability checks in the Assignment module's marker allocation functionality allowed users without the required capability to allocate markers to submissions.

Severity/Risk: Serious
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: Paul Holden
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-88529
Tracker issue: MDL-88529 Missing capability check in Assignment marker allocation

MSA-26-0025: CSRF risk in quiz attempt regrading

by Michael Hawkins

The regrade action in the quiz overview report did not include the necessary token to prevent a CSRF risk.

Severity/Risk: Serious
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: Paul Holden
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-88531
Tracker issue: MDL-88531 CSRF risk in quiz attempt regrading

MSA-26-0024: Missing capability checks in AI placement web services

by Michael Hawkins

Capability checks were missing from course assistance AI placement web services, which could allow users to make requests to those AI course assistance web services without having the relevant capabilities (if those features are enabled).

Severity/Risk: Minor
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: Paul Holden
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-88533
Tracker issue: MDL-88533 Missing capability checks in AI placement web services

MSA-26-0023: CSRF risk when adding quiz section headings

by Michael Hawkins

The quiz feature to add section headings did not include the necessary token to prevent a CSRF risk.

Severity/Risk: Minor
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: Paul Holden
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-88540
Tracker issue: MDL-88540 CSRF risk when adding quiz section headings

MSA-26-0022: CSRF risk in group messaging state toggle

by Michael Hawkins

The actions to enable and disable group messaging did not include the necessary token to prevent a CSRF risk.

Severity/Risk: Minor
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: Paul Holden
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-88541
Tracker issue: MDL-88541 CSRF risk in group messaging state toggle

MSA-26-0021: CSRF and XSS in grade item idnumber editing

by Michael Hawkins

The grade item ID number editing functionality did not include the necessary token to prevent a CSRF risk and also lacked sufficient output sanitizing to prevent an XSS risk.

Severity/Risk: Serious
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: Paul Holden
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-88542
Tracker issue: MDL-88542 CSRF and XSS in grade item idnumber editing

MSA-26-0020: Reflected XSS via Feedback import error message

by Michael Hawkins

The Feedback activity module's import functionality required additional sanitizing to prevent a reflected XSS risk.

Severity/Risk: Minor
Versions affected: 5.2, 5.1 to 5.1.4, 5.0 to 5.0.7, 4.5 to 4.5.11 and earlier unsupported versions
Versions fixed: 5.2.1, 5.1.5, 5.0.8 and 4.5.12
Reported by: Paul Holden
CVE identifier: Pending (this will be updated once available)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-88543
Tracker issue: MDL-88543 Reflected XSS via Feedback import error message