SB2012072405 - Multiple vulnerabilities in Moodle

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2012072405

SB2012072405 - Multiple vulnerabilities in Moodle

Published: July 24, 2012 Updated: January 16, 2023

Security Bulletin ID SB2012072405
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-3387)

The vulnerability allows a remote #AU# to manipulate data.

Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-3388)

The vulnerability allows a remote #AU# to manipulate data.

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.


3) Cross-site scripting (CVE-ID: CVE-2012-3389)

Vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 when processing the (1) lti_typename or (2) lti_toolurl parameter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


4) Information disclosure (CVE-ID: CVE-2012-3394)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.


5) Cross-site scripting (CVE-ID: CVE-2012-3396)

Vulnerability allows a remote attacker to perform Cross-site scripting attacks.

An input validation error exists in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-3397)

The vulnerability allows a remote #AU# to manipulate data.

lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users.


Remediation

Install update from vendor's website.

References