SB2016022209 - Multiple vulnerabilities in Moodle
Published: February 22, 2016 Updated: January 16, 2023
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2015-5269)
The vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
2) Information disclosure (CVE-ID: CVE-2015-5268)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.
3) Information disclosure (CVE-ID: CVE-2015-5267)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
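The weakness in item 3, shown as an added example (not Moodle's code and not the vendor's patch): a token generator built on mt_rand() beside one built on random_int(). The function names, alphabet, token length and seed are assumptions made for illustration, and random_int() requires PHP 7 or later.

```php
<?php
// Added illustration, not Moodle source. Function names here are hypothetical.

const TOKEN_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Weak pattern: every character comes from mt_rand(), so the whole token is
// a deterministic function of the generator's 32-bit seed.
function weak_random_string(int $length = 15): string
{
    $alphabet = TOKEN_ALPHABET;
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, $max)];
    }
    return $token;
}

// Hardened pattern: random_int() reads the operating system CSPRNG and
// returns an unbiased integer in the requested range.
function strong_random_string(int $length = 15): string
{
    $alphabet = TOKEN_ALPHABET;
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[random_int(0, $max)];
    }
    return $token;
}

// Replaying a constructed seed reproduces the weak token exactly.
mt_srand(123456);
$first = weak_random_string();
mt_srand(123456);
$replayed = weak_random_string();
printf("weak token replayed from seed:   %s\n", $first === $replayed ? 'yes' : 'no');

// Reseeding mt_rand() has no influence on random_int().
mt_srand(123456);
$s1 = strong_random_string();
mt_srand(123456);
$s2 = strong_random_string();
printf("strong token replayed from seed: %s\n", $s1 === $s2 ? 'yes' : 'no');

// A 15-character token looks large, but the weak form can never carry more
// entropy than the seed that produced it.
$apparentBits = 15 * log(strlen(TOKEN_ALPHABET), 2);
printf("apparent entropy: %.1f bits; weak form bounded by the 32-bit seed\n", $apparentBits);
```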
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-5266)
The vulnerability allows a remote authenticated user to read and manipulate data.
The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-5265)
The vulnerability allows a remote authenticated user to manipulate data.
The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-5264)
The vulnerability allows a remote authenticated user to read and manipulate data.
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
7) Cross-site scripting (CVE-ID: CVE-2015-3275)
The vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 when processing a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Remediation
Install the update from the vendor's website.