Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilised.
| Severity/Risk: | Minor |
| Versions affected: | 4.3 to 4.3.3 |
| Versions fixed: | 4.3.4 |
| Reported by: | caglaroflazoglu |
| CVE identifier: | CVE-2024-34009 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81463 |
| Tracker issue: | MDL-81463 ReCAPTCHA can be bypassed on the login page |
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.
| Severity/Risk: | Minor |
| Versions affected: | 4.0 to 4.3.3, 4.2 to 4.2.6, 4.1 to 4.1.9 and earlier unsupported versions |
| Versions fixed: | 4.3.4, 4.2.7 and 4.1.10 |
| Reported by: | Paul Holden |
| CVE identifier: | CVE-2024-34008 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81059 |
| Tracker issue: | MDL-81059 CSRF risk in analytics management of models |
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.
| Severity/Risk: | Minor |
| Versions affected: | 4.3 to 4.3.3 |
| Versions fixed: | 4.3.4 |
| Reported by: | Petr Skoda |
| CVE identifier: | CVE-2024-34007 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80877 |
| Tracker issue: | MDL-80877 Logout CSRF in admin/tool/mfa/auth.php |
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.
| Severity/Risk: | Minor |
| Versions affected: | 4.0 to 4.3.3, 4.2 to 4.2.6, 4.1 to 4.1.9 and earlier unsupported versions |
| Versions fixed: | 4.3.4, 4.2.7 and 4.1.10 |
| Reported by: | Leon Stringer |
| CVE identifier: | CVE-2024-34006 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80585 |
| Tracker issue: | MDL-80585 Unsanitized HTML in site log for config_log_created |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
| Severity/Risk: | Serious |
| Versions affected: | 4.0 to 4.3.3, 4.2 to 4.2.6, 4.1 to 4.1.9 and earlier unsupported versions |
| Versions fixed: | 4.3.4, 4.2.7 and 4.1.10 |
| Reported by: | Vincent Schneider (cli-ish) |
| CVE identifier: | CVE-2024-34005 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81267 |
| Tracker issue: | MDL-81267 Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
| Severity/Risk: | Serious |
| Versions affected: | 4.0 to 4.3.3, 4.2 to 4.2.6, 4.1 to 4.1.9 and earlier unsupported versions |
| Versions fixed: | 4.3.4, 4.2.7 and 4.1.10 |
| Reported by: | Vincent Schneider (cli-ish) |
| CVE identifier: | CVE-2024-34004 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81284 |
| Tracker issue: | MDL-81284 Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
| Severity/Risk: | Serious |
| Versions affected: | 4.0 to 4.3.3, 4.2 to 4.2.6, 4.1 to 4.1.9 and earlier unsupported versions |
| Versions fixed: | 4.3.4, 4.2.7 and 4.1.10 |
| Reported by: | Vincent Schneider (cli-ish) |
| CVE identifier: | CVE-2024-34003 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80712 |
| Tracker issue: | MDL-80712 Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file include.
| Severity/Risk: | Serious |
| Versions affected: | 4.0 to 4.3.3, 4.2 to 4.2.6, 4.1 to 4.1.9 and earlier unsupported versions |
| Versions fixed: | 4.3.4, 4.2.7 and 4.1.10 |
| Reported by: | Vincent Schneider (cli-ish) |
| CVE identifier: | CVE-2024-34002 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81135 |
| Tracker issue: | MDL-81135 Authenticated LFI risk in some misconfigured shared hosting environments via modified mod_feedback backup |
Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.
| Severity/Risk: | Minor |
| Versions affected: | 4.0 to 4.3.3, 4.2 to 4.2.6, 4.1 to 4.1.9 and earlier unsupported versions |
| Versions fixed: | 4.3.4, 4.2.7 and 4.1.10 |
| Reported by: | Paul Holden |
| CVE identifier: | CVE-2024-34001 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81058 |
| Tracker issue: | MDL-81058 CSRF risk in admin preset tool management of presets |
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.
| Severity/Risk: | Minor |
| Versions affected: | 4.0 to 4.3.3, 4.2 to 4.2.6, 4.1 to 4.1.9 and earlier unsupported versions |
| Versions fixed: | 4.3.4, 4.2.7 and 4.1.10 |
| Reported by: | Paul Holden |
| CVE identifier: | CVE-2024-34000 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81062 |
| Tracker issue: | MDL-81062 Stored XSS in lesson overview report via user ID number |