Moodle < 2.6 / 2.6.x < 2.6.9 / 2.7.x < 2.7.6 / 2.8.x < 2.8.4 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 8726

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.6.x prior to 2.6.9, 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.4, and all previous releases are exposed to the following vulnerabilities:

- An information disclosure vulnerability affects user profile data. By modifying an unspecified URL, a logged-in user can view the list of another user's contacts, number of unread messages, and a list of their courses. (MSA-15-0010 / CVE-2015-2266)

- An authentication bypass vulnerability affects mdeploy. This flaw makes it possible to extract files anywhere on the system where the web server has write access. It is quite difficult to exploit, however, since the attacker must have an account, know details about the system, and already have significant permissions on the site. (MSA-15-0011 / CVE-2015-2267)

- A denial of service vulnerability exists as a result of using a non-optimal regular expression in the filter which converts links to URLs. Specifically, this vulnerability affects the 'filter.php' script. (MSA-15-0012 / CVE-2015-2268)

- A cross-site scripting (XSS) vulnerability affects Block Titles. HTML can be injected through blocks with configurable titles; however, this could only be exploited by users who are already marked as 'XSS-trusted' on the site. (MSA-15-0013 / CVE-2015-2269)

- An information disclosure vulnerability affects some custom Moodle themes that use block regions in the base layout for inaccessible courses. The content of these blocks and much of the course-related information could be exposed. Most themes, including all standard Moodle themes, are not affected. (MSA-15-0014 / CVE-2015-2270)

- A security bypass vulnerability affects the 'tag/user.php' script due to the program failing to respect capabilities for arbitrary users. This may allow an authenticated remote attacker to mark tags as inappropriate. (MSA-15-0015 / CVE-2015-2271)

- A cross-site scripting (XSS) vulnerability exists in the quiz statistics report script, 'statistics_question_table.php'. Specifically, this issue occurs because the Quiz statistics report does not properly escape student responses. (MSA-15-0017 / CVE-2015-2273)

Solution

Upgrade to Moodle version 2.8.4 or later. If your installation cannot be upgraded to 2.8.x, versions 2.7.6 and 2.6.9 are also patched for these vulnerabilities.

See Also

http://moodle.org/security

http://www.nessus.org/u?9f1b8c4f

http://www.nessus.org/u?153077f7

http://www.nessus.org/u?e85968ee

Plugin Details

Severity: Medium

ID: 8726

File Name: 8726.prm

Family: CGI

Published: 2015/04/21

Modified: 2016/11/23

Dependencies: 8690

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 2015/03/09

Vulnerability Publication Date: 2015/03/16

Reference Information

CVE: CVE-2015-2266, CVE-2015-2267, CVE-2015-2268, CVE-2015-2269, CVE-2015-2270, CVE-2015-2271, CVE-2015-2273

BID: 73163, 73165, 73164, 73161, 73159, 73169