SB2024022309 - Multiple vulnerabilities in Moodle

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Cross-site request forgery (CVE-ID: CVE-2024-25982)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in Language import utility. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

2) Resource exhaustion (CVE-ID: CVE-2024-25978)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in file picker unzip functionality. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

3) Improper Handling of Parameters (CVE-ID: CVE-2024-25979)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the forum search accepts random parameters in its URL. A remote attacker can gain access to sensitive information.

4) Improper access control (CVE-ID: CVE-2024-25980)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to separate groups mode restrictions are not honoured in the H5P attempts report. A remote user can bypass implemented security restrictions and display users from other groups.

5) Improper access control (CVE-ID: CVE-2024-25981)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within separate groups mode restrictions when performing a forum export. A remote user can bypass implemented security restrictions and gain unauthorized access to forum data.

6) Authorization bypass through user-controlled key (CVE-ID: CVE-2024-25983)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the IDOR issue on dashboard comments block. A remote user can add comments to the comments block on another user's dashboard when it was not otherwise available.

Remediation

Install update from vendor's website.

References

• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-54749
• https://bugzilla.redhat.com/show_bug.cgi?id=2264098
• https://moodle.org/mod/forum/discuss.php?d=455638
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74641
• https://bugzilla.redhat.com/show_bug.cgi?id=2264074
• https://moodle.org/mod/forum/discuss.php?d=455634
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774
• https://bugzilla.redhat.com/show_bug.cgi?id=2264095
• https://moodle.org/mod/forum/discuss.php?d=455635
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501
• https://bugzilla.redhat.com/show_bug.cgi?id=2264096
• https://moodle.org/mod/forum/discuss.php?d=455636
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504
• https://bugzilla.redhat.com/show_bug.cgi?id=2264097
• https://moodle.org/mod/forum/discuss.php?d=455637
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300
• https://bugzilla.redhat.com/show_bug.cgi?id=2264099
• https://moodle.org/mod/forum/discuss.php?d=455641