Moodle 2.0.x < 2.0.5 / 2.1.x < 2.1.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 8713

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.0.x prior to 2.0.5, or 2.1.x prior to 2.1.2 are exposed to the following vulnerabilities :

- Multiple cross-site request forgery (CSRF) vulnerabilities in 'mod/wiki/' components that allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. (MSA-11-0027 / CVE-2011-4298)

- A cross-site scripting (XSS) vulnerability in 'mod/wiki/pagelib.php' that allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment. (MSA-11-0028 / CVE-2011-4299)

- An information disclosure flaw exists in the 'file_browser' component because it does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. (MSA-11-0029 / CVE-2011-4300)

- A security-bypass flaw exists in the Box.net authentication plugin which was being used prior to OAuth-like authentication in Box.net. (MSA-11-0030)

- A flaw exists in the forms API that allows form values set as constants to be altered when the user submits the form. (MSA-11-0031 / CVE-2011-4301)

- A security flaw exists due to incorrect handling of openssl_verify() return codes and exposes the server to remote attacks bypassing validation. (MSA-11-0032 / CVE-2011-4302)

- A security flaw affects the script 'lib/db/upgrade.php' that does not set the correct 'registration_hubs.secret' value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. (MSA-11-0033 / CVE-2011-4303)

- The chat functionality allows remote authenticated users to discover the name of any user via a beep operation. Beeping a user would disclose their full name, this also includes deleted users. (MSA-11-0034 / CVE-2011-4304)

- The parameter '$CFG-&gt;usesid' was added previously to allow simpler access, but this setting is now ignored to remove a security-bypass vulnerability that allowed for cookie-less user sessions. (MSA-11-0035)

- A cross-site scripting (XSS) vulnerability affects the Wiki. Specifically, this affects the 'section' parameter of the script 'mod/wiki/lang/en/wiki.php'. (MSA-11-0039 / CVE-2011-4307)

- An information disclosure flaw exists in 'mod/forum/user.php' which exposes user names to any authenticated members, rather than only students or administrators in the same course. (MSA-11-0040 / CVE-2011-4308)

- A security-bypass flaw allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. (MSA-11-0041 / CVE-2011-4309)

Solution

Upgrade to Moodle version 2.0.5, 2.1.2, or later.

See Also

http://moodle.org/security

http://www.nessus.org/u?7019dd4e

http://www.nessus.org/u?713ec24f

http://www.openwall.com/lists/oss-security/2011/11/14/1

Plugin Details

Severity: Medium

ID: 8713

Family: CGI

Published: 2015/04/20

Modified: 2018/09/16

Dependencies: 8690

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 2011/10/10

Vulnerability Publication Date: 2011/10/18

Reference Information

CVE: CVE-2011-4298, CVE-2011-4299, CVE-2011-4300, CVE-2011-4301, CVE-2011-4302, CVE-2011-4303, CVE-2011-4307, CVE-2011-4308, CVE-2011-4309

BID: 73830, 73679, 50283