Moodle < 2.4 / 2.4.x < 2.4.10 / 2.5.x < 2.5.6 / 2.6.x < 2.6.3 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8716
SynopsisThe remote web server is hosting a web application that is vulnerable to multiple attack vectors.
DescriptionThe remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.4.x prior to 2.4.10, 2.5.x prior to 2.5.6, 2.6.x prior to 2.6.3, and all previous releases are exposed to the following vulnerabilities :
- A cross-site request forgery (CSRF) vulnerability affects the quick-grading function. Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users. (MSA-14-0014 / CVE-2014-0213)
- A security bypass weakness affects session Token expiration in MoodleMobile. Tokens created automatically in 'login/token.php' are valid forever. (MSA-14-0015 / CVE-2014-0214)
- An information disclosure flaw which exposes student details through the use of a screen reader or viewing the HTML source code. (MSA-14-0016 / CVE-2014-0215)
- An authorization bypass vulnerability exists because it fails to restrict access to the files linked in HTML blocks on 'My Home' page. Successful exploits will allow attackers to gain unauthorized access to these files. (MSA-14-0017 / CVE-2014-0216)
- An information disclosure flaw that may allow a remote attacker to gain access to the details of hidden courses on enrollment pages via URL manipulation. (MSA-14-0018 / CVE-2014-0217)
- A reflected cross-site scripting (XSS) vulnerability affects the URL downloader repository due to a lack of filtering. (MSA-14-0019 / CVE-2014-0218)
SolutionUpgrade to Moodle version 2.7. If your installation cannot be upgraded to 2.7.x, versions 2.6.3, 2.5.6 and 2.4.10 are also patched for these vulnerabilities.