SB2023101832 - Multiple vulnerabilities in Moodle
Published: October 18, 2023
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2023-5547)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the course upload preview. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
2) Information disclosure (CVE-ID: CVE-2023-5551)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because separate groups mode restrictions are not honoured in the forum summary report. A remote user can display users from other groups.
3) Code Injection (CVE-ID: CVE-2023-5550)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a local file inclusion in some misconfigured shared hosting environments. A remote user can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Improper access control (CVE-ID: CVE-2023-5549)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to insufficient capability checks when updating the parent of a course category. A remote user can move categories they have permission to manage to a parent category they do not have the capability to manage.
5) Acceptance of Extraneous Untrusted Data With Trusted Data (CVE-ID: CVE-2023-5548)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to acceptance of extraneous untrusted data with trusted data in the revision control of file serving endpoints.
6) Improper access control (CVE-ID: CVE-2023-5543)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists because duplicating a BigBlueButton activity assigns the same meeting ID to the copy. A remote attacker can bypass implemented security restrictions and gain access to the original meeting.
7) Information disclosure (CVE-ID: CVE-2023-5545)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the automatically populated H5P author name. A remote attacker can gain unauthorized access to sensitive information on the system.
8) Improper access control (CVE-ID: CVE-2023-5542)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user in "Only see own membership" groups can see other students in the group.
9) Code Injection (CVE-ID: CVE-2023-5539)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the Lesson activity. A remote user can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
10) Code Injection (CVE-ID: CVE-2023-5540)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the IMSCP activity. A remote user can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) Cross-site scripting (CVE-ID: CVE-2023-5541)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the CSV grade import method. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
12) Stored cross-site scripting (CVE-ID: CVE-2023-5544)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Wiki comments. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
13) Stored cross-site scripting (CVE-ID: CVE-2023-5546)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the ID numbers displayed in the quiz grading report. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Remediation
Install the update from the vendor's website.
References
- https://moodle.org/mod/forum/discuss.php?d=451588
- https://moodle.org/mod/forum/discuss.php?d=451592
- https://moodle.org/mod/forum/discuss.php?d=451591
- https://moodle.org/mod/forum/discuss.php?d=451590
- https://moodle.org/mod/forum/discuss.php?d=451589
- https://moodle.org/mod/forum/discuss.php?d=451584
- https://moodle.org/mod/forum/discuss.php?d=451586
- https://moodle.org/mod/forum/discuss.php?d=451583
- https://moodle.org/mod/forum/discuss.php?d=451580
- https://moodle.org/mod/forum/discuss.php?d=451581
- https://moodle.org/mod/forum/discuss.php?d=451582
- https://moodle.org/mod/forum/discuss.php?d=451585
- https://moodle.org/mod/forum/discuss.php?d=451587