Moodle < 2.7.11 / 2.8.x < 2.8.9 / 2.9.x < 2.9.3 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 9191

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

Moodle, an open-source course management system, installed on the remote host is version 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, or 2.9.x prior to 2.9.3, and is affected by multiple vulnerabilities:

- Flowplayer Flash contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the program does not validate unspecified input before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2015-5337)
- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when handling answers for the survey module before returning it to users. This may allow an authenticated remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2015-5336)
- A flaw exists in the Lesson module as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF/XSRF) attack with an unspecified impact related to password-protected lessons. (CVE-2015-5338)
- A flaw exists in the SCORM module that is triggered as the program fails to properly handle availability dates. This may allow an authenticated remote attacker to bypass date-based access restrictions. (CVE-2015-5341)
- A flaw exists in the choice module that may allow an authenticated remote attacker to modify URLs and bypass the closing date restrictions. This may allow the attacker to delete or submit new responses after a choice has been closed. (CVE-2015-5342)
- A flaw exists in 'core_enrol_get_enrolled_users' in the web service that is triggered by a failure to respect course group mode. This may allow a remote attacker to gain access to a list of course participants, regardless of their group. (CVE-2015-5339)
- A flaw exists because the program does not properly enforce the capability required to view badges without having earned them. This may allow an authenticated remote attacker to gain access to a full list of badges. (CVE-2015-5340)
- A flaw exists as HTTP requests to 'register.php' do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF/XSRF) attack causing the victim to register new hubs. (CVE-2015-5335)

Solution

Upgrade to Moodle version 2.9.3 or later. If version 2.9.x cannot be obtained, versions 2.8.9 or 2.7.11 have also been patched for these issues.

See Also

https://docs.moodle.org/dev/Moodle_2.7.11_release_notes

https://docs.moodle.org/dev/Moodle_2.8.9_release_notes

https://docs.moodle.org/dev/Moodle_2.9.3_release_notes

Plugin Details

Severity: Medium

ID: 9191

Family: CGI

Published: 2016/04/08

Modified: 2016/04/08

Dependencies: 8690

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 2015/11/09

Vulnerability Publication Date: 2015/11/06

Reference Information

CVE: CVE-2015-5335, CVE-2015-5336, CVE-2015-5337, CVE-2015-5338, CVE-2015-5339, CVE-2015-5340, CVE-2015-5341, CVE-2015-5342