Moodle 2.7.x < 2.7.10 / 2.8.x < 2.8.8 / 2.9.x < 2.9.2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8969

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

Moodle, an open-source course management system, installed on the remote host is version 2.7.x prior to 2.7.10, 2.8.x prior to 2.8.8, or 2.9.x prior to 2.9.2, and is affected by multiple vulnerabilities :

- A flaw due to the program failing to restrict users properly allowing an authenticated remote attacker to delete arbitrary files uploaded from other users. (CVE-2015-5265)
- A race condition in the 'enrol/meta/locallib.php' script that can allow suspended students to get assigned a manager role in meta course for several minutes allowing an authenticated remote attacker to gain elevated privileges. (CVE-2015-5266)
- A flaw in the 'complex_random_string()' function in the 'lib/moodlelib.php' script that is due to the limitation of PHP randomization. This can cause the program to create predictable password recovery tokens. (CVE-2015-5267)
- A flaw in the lesson module that is due to the program failing to protect against making new attempts to answer some questions allowing an authenticated remote attacker to re-attempt answering questions in the lesson. (CVE-2015-5264)
- A flaw in the rating component that is due to the program failing to check separate groups allowing an authenticated remote attacker to view ratings from other groups. (CVE-2015-5268)
- A flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the 'group/overview.php' script does not validate input to grouping descriptions before returning it to users. This may allow an authenticated, remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2015-5269)
- A flaw due to the program failing to check group access when posting to 'all participants' in forum allowing a remote attacker to bypass access restrictions and post to arbitrary locations. (CVE-2015-5272)

Solution

Upgrade to Moodle version 2.7.10, 2.8.8, or 2.9.2 or later.

See Also

https://docs.moodle.org/dev/Moodle_2.7.10_release_notes

https://docs.moodle.org/dev/Moodle_2.8.8_release_notes

https://docs.moodle.org/dev/Moodle_2.9.2_release_notes

Plugin Details

Severity: High

ID: 8969

Family: CGI

Published: 2015/10/07

Modified: 2015/10/07

Dependencies: 8690

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.1

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.5

Temporal Score: 7

Vector: CVSS3#AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 2015/09/14

Vulnerability Publication Date: 2015/06/25

Reference Information

CVE: CVE-2015-5264, CVE-2015-5265, CVE-2015-5266, CVE-2015-5267, CVE-2015-5268, CVE-2015-5269, CVE-2015-5272