Security announcements | Moodle.org

MSA-15-0008: Forced logout through Shibboleth authentication plugin

por Marina Glancy - segunda-feira, 19 jan. 2015, 10:02

Description:	It was possible to forge a request to logout users even when not authenticated through Shibboleth
Issue summary:	Forced logout via auth/shibboleth/logout.php
Severity/Risk:	Serious
Versions affected:	2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions
Versions fixed:	2.8.2, 2.7.4 and 2.6.7
Reported by:	Petr Skoda
Issue no.:	MDL-47964
Workaround:	Deny access to file auth/shibboleth/logout.php in webserver configuration
CVE identifier:	CVE-2015-0218
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-15-0007: ReDoS possible in the multimedia filter

por Marina Glancy - segunda-feira, 19 jan. 2015, 10:01

Description:	Not optimal regular expression in the filter could be exploited to create extra server load or make particular page unavailable
Issue summary:	ReDOS in the multimedia filter
Severity/Risk:	Serious
Versions affected:	2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions
Versions fixed:	2.8.2, 2.7.4 and 2.6.7
Reported by:	Nicolas Martignoni
Issue no.:	MDL-48546
Workaround:	Disable multimedia filter
CVE identifier:	CVE-2015-0217
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-15-0006: Capability to grade Lesson module is missing XSS bitmask

por Marina Glancy - segunda-feira, 19 jan. 2015, 10:00

Description:	Users with capability to grade in Lesson module were not reported as users with XSS risk but their feedback was displayed without cleaning
Issue summary:	mod/lesson:grade capability missing RISK_XSS but essay feedback is displayed with noclean=true
Severity/Risk:	Minor
Versions affected:	2.8 to 2.8.1
Versions fixed:	2.8.2
Reported by:	Damyon Wiese
Issue no.:	MDL-48034
CVE identifier:	CVE-2015-0216
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-15-0005: Insufficient access check in calendar functions in web-services

por Marina Glancy - segunda-feira, 19 jan. 2015, 09:59

Description:	Through web-services it was possible to get information about calendar events which user did not have enough permissions to see
Issue summary:	calendar/externallib.php lacks self::validate_context($context);
Severity/Risk:	Minor
Versions affected:	2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions
Versions fixed:	2.8.2, 2.7.4 and 2.6.7
Reported by:	Petr Skoda
Issue no.:	MDL-48017
CVE identifier:	CVE-2015-0215
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-15-0004: Information leak through messaging functions in web-services

por Marina Glancy - segunda-feira, 19 jan. 2015, 09:58

Description:	Through web-services it was possible to access messaging-related functions such as people search even if messaging is disabled on the site
Issue summary:	Messages external functions doesn't check if messaging is enabled
Severity/Risk:	Minor
Versions affected:	2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions
Versions fixed:	2.8.2, 2.7.4 and 2.6.7
Reported by:	Juan Leyva
Issue no.:	MDL-48329
Workaround:	Disable web services or disable individual message-related functions
CVE identifier:	CVE-2015-0214
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-15-0003: CSRF possible in Glossary module

por Marina Glancy - segunda-feira, 19 jan. 2015, 09:56

Description:	Two files in the Glossary module lacked a session key check potentially allowing cross-site request forgery
Issue summary:	Multiple CSRF in mod glossary
Severity/Risk:	Serious
Versions affected:	2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions
Versions fixed:	2.8.2, 2.7.4 and 2.6.7
Reported by:	Ankit Agarwal
Issue no.:	MDL-48106
CVE identifier:	CVE-2015-0213
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-15-0002: XSS vulnerability in course request pending approval page

por Marina Glancy - segunda-feira, 19 jan. 2015, 09:55

Description:	Course summary on course request pending approval page was displayed to the manager unescaped and could be used for XSS attack
Issue summary:	XSS in course request pending approval page (Privilege Escalation?)
Severity/Risk:	Serious
Versions affected:	2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions
Versions fixed:	2.8.2, 2.7.4 and 2.6.7
Reported by:	Skylar Kelty
Issue no.:	MDL-48368
Workaround:	Grant permission moodle/course:request only to trusted users
CVE identifier:	CVE-2015-0212
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-15-0001: Insufficient access check in LTI module

por Marina Glancy - segunda-feira, 19 jan. 2015, 09:52

Description:	Absence of capability check in AJAX backend script could allow any enrolled user to search the list of registered tools
Issue summary:	mod/lti/ajax.php security problems
Severity/Risk:	Minor
Versions affected:	2.8 to 2.8.1, 2.7 to 2.7.3, 2.6 to 2.6.6 and earlier unsupported versions
Versions fixed:	2.8.2, 2.7.4 and 2.6.7
Reported by:	Petr Skoda
Issue no.:	MDL-47920
CVE identifier:	CVE-2015-0211
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-14-0049: Possible to print arbitrary message to user by modifying URL

por Marina Glancy - segunda-feira, 17 nov. 2014, 12:28

Description:	Session key check was missing on return page in module LTI allowing attacker to include arbitrary message in URL query string
Issue summary:	mod/lti/return.php allows attacker to print arbitrary message
Severity/Risk:	Minor
Versions affected:	2.7 to 2.7.2, 2.6 to 2.6.5, 2.5 to 2.5.8 and earlier unsupported versions
Versions fixed:	2.8, 2.7.3, 2.6.6 and 2.5.9
Reported by:	Petr Skoda
Issue no.:	MDL-47927
CVE identifier:	-
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927

Link direto

Discutir este tópico  (0 respostas até agora)

MSA-14-0048: CSRF in forum tracking toggle

por Marina Glancy - segunda-feira, 17 nov. 2014, 12:27

Description:	Set tracking script in the Forum module lacked a session key check potentially allowing cross-site request forgery.
Issue summary:	CSRF in mod/forum/settracking.php
Severity/Risk:	Minor
Versions affected:	2.7 to 2.7.2, 2.6 to 2.6.5, 2.5 to 2.5.8 and earlier unsupported versions
Versions fixed:	2.8, 2.7.3, 2.6.6 and 2.5.9
Reported by:	Petr Skoda
Issue no.:	MDL-48019
CVE identifier:	CVE-2014-7838
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019

Link direto

Discutir este tópico  (0 respostas até agora)