FreeBSD : moodle -- multiple vulnerabilities (82b3ca2a-8c07-11e5-bd18-002590263bf5)

high Nessus Plugin ID 86879

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Moodle Release Notes report :

MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts

MSA-15-0038 DDoS possibility in Atto

MSA-15-0039 CSRF in site registration form

MSA-15-0040 Student XSS in survey

MSA-15-0041 XSS in flash video player

MSA-15-0042 CSRF in lesson login form

MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect course group mode

MSA-15-0044 Capability to view available badges is not respected

MSA-15-0045 SCORM module allows to bypass access restrictions based on date

MSA-15-0046 Choice module closing date can be bypassed

Solution

Update the affected packages.

See Also

https://docs.moodle.org/dev/Moodle_2.7.11_release_notes

https://docs.moodle.org/dev/Moodle_2.8.9_release_notes

https://docs.moodle.org/dev/Moodle_2.9.3_release_notes

http://www.nessus.org/u?57c348d9

Plugin Details

Severity: High

ID: 86879

File Name: freebsd_pkg_82b3ca2a8c0711e5bd18002590263bf5.nasl

Version: 2.5

Type: local

Published: 11/16/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:moodle27, p-cpe:/a:freebsd:freebsd:moodle28, p-cpe:/a:freebsd:freebsd:moodle29, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/16/2015

Vulnerability Publication Date: 11/9/2015