SB2018012214 - Multiple vulnerabilities in Moodle
Published: January 22, 2018 Updated: July 30, 2022
Description
This security bulletin contains information about 3 vulnerabilities.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2018-1042)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote authenticated user to gain access to sensitive information.
Moodle 3.x has a Server-Side Request Forgery vulnerability in the filepicker.
2) Input validation error (CVE-ID: CVE-2018-1043)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote authenticated user to manipulate data.
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
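The bypass described above works when a host-blocklist check inspects only the hostname or a single resolved address while the HTTP client may connect to another A record of the same name. The following is an added example, not Moodle's code, that contrasts such a weak check with a check that resolves every A record and rejects the host if any of them falls in a blocked range; the hostnames, addresses and the in-memory resolver are constructed for offline use.

```python
import ipaddress
from typing import List

# Constructed DNS table standing in for a real resolver (e.g. socket.getaddrinfo()).
# "mixed.example" is the interesting case: a public first A record and a second
# A record that points into the internal network.
SAMPLE_DNS = {
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["203.0.113.10", "10.0.0.5"],
    "public.example": ["203.0.113.20"],
}

# Constructed policy: block RFC 1918 10/8 and loopback, plus one explicit hostname.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
BLOCKED_HOSTS = {"intranet.example"}


def resolve_all(hostname: str) -> List[str]:
    """Return every A record for hostname (empty list if it does not resolve)."""
    return list(SAMPLE_DNS.get(hostname, []))


def weak_is_blocked(hostname: str) -> bool:
    """Weak check: blocklist applied to the literal hostname and to the first A record only.
    A name with several A records slips through if only its first record is clean."""
    if hostname in BLOCKED_HOSTS:
        return True
    addrs = resolve_all(hostname)
    if not addrs:
        return True  # fail closed on unresolvable names
    first = ipaddress.ip_address(addrs[0])
    return any(first in net for net in BLOCKED_NETWORKS)


def strict_is_blocked(hostname: str) -> bool:
    """Hardened check: every A record is tested; one blocked address rejects the whole host."""
    if hostname in BLOCKED_HOSTS:
        return True
    addrs = resolve_all(hostname)
    if not addrs:
        return True  # fail closed on unresolvable names
    return any(
        ipaddress.ip_address(a) in net for a in addrs for net in BLOCKED_NETWORKS
    )
```

Even the strict variant only closes the multiple-A-record gap; because the client resolves the name again when it connects, the validated address should also be pinned for the actual request (or the client should re-check the address it is about to connect to), otherwise a record changed between check and use is not caught.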
3) Information disclosure (CVE-ID: CVE-2018-1044)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated user to gain access to sensitive information.
In Moodle 3.x, the quiz web services allow students to see quiz results even when this is prohibited in the quiz settings.
Remediation
Install the update from the vendor's website.
References
- http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html
- http://www.securityfocus.com/bid/102752
- https://moodle.org/mod/forum/discuss.php?d=364381
- http://www.securityfocus.com/bid/102769
- https://moodle.org/mod/forum/discuss.php?d=364382
- http://www.securityfocus.com/bid/102754
- https://moodle.org/mod/forum/discuss.php?d=364383