
Moodle 2.0.x < 2.0.5 / 2.1.x < 2.1.2 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.0.x prior to 2.0.5, or 2.1.x prior to 2.1.2, are exposed to the following vulnerabilities:

- Multiple cross-site request forgery (CSRF) vulnerabilities in 'mod/wiki/' components that allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. (MSA-11-0027 / CVE-2011-4298)

- A cross-site scripting (XSS) vulnerability in 'mod/wiki/pagelib.php' that allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment. (MSA-11-0028 / CVE-2011-4299)

- An information disclosure flaw exists in the 'file_browser' component because it does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. (MSA-11-0029 / CVE-2011-4300)

- A security-bypass flaw exists in the Box.net authentication plugin which was being used prior to OAuth-like authentication in Box.net. (MSA-11-0030)

- A flaw exists in the forms API that allows form values set as constants to be altered when the user submits the form. (MSA-11-0031 / CVE-2011-4301)

- A security flaw exists due to incorrect handling of openssl_verify() return codes and exposes the server to remote attacks bypassing validation. (MSA-11-0032 / CVE-2011-4302)

- A security flaw affects the script 'lib/db/upgrade.php' that does not set the correct 'registration_hubs.secret' value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. (MSA-11-0033 / CVE-2011-4303)

- The chat functionality allows remote authenticated users to discover the name of any user via a beep operation. Beeping a user discloses their full name, and this includes deleted users. (MSA-11-0034 / CVE-2011-4304)

- The parameter '$CFG->usesid' was added previously to allow simpler access, but this setting is now ignored to remove a security-bypass vulnerability that allowed for cookie-less user sessions. (MSA-11-0035)

- A cross-site scripting (XSS) vulnerability affects the Wiki. Specifically, this affects the 'section' parameter of the script 'mod/wiki/lang/en/wiki.php'. (MSA-11-0039 / CVE-2011-4307)

- An information disclosure flaw exists in 'mod/forum/user.php' which exposes user names to any authenticated members, rather than only students or administrators in the same course. (MSA-11-0040 / CVE-2011-4308)

- A security-bypass flaw allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. (MSA-11-0041 / CVE-2011-4309)
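The openssl_verify() item above (MSA-11-0032) belongs to a general class of return-code mistakes, sketched here as an added example that is not Moodle's code and is not taken from the advisory. PHP documents the function as returning 1 for a valid signature, 0 for an invalid one, and -1 or false on error; the function names `loose_check`, `strict_check` and `verify_signature` and the sample message are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical names, not Moodle's code.

// Loose check: any truthy return counts as "valid". In PHP -1 is truthy,
// so an error result is treated the same as a good signature.
function loose_check($rc): bool {
    return (bool) $rc;
}

// Strict check: only the integer 1 means the signature verified.
function strict_check($rc): bool {
    return $rc === 1;
}

// Hardened wrapper around the real call: fails closed on 0, -1 and false.
function verify_signature(string $data, string $sig, $pubkey): bool {
    $rc = openssl_verify($data, $sig, $pubkey, OPENSSL_ALGO_SHA256);
    if ($rc === 1) {
        return true;
    }
    if ($rc !== 0) {
        // Error path (-1 or false): record why, then reject.
        while (($e = openssl_error_string()) !== false) {
            error_log("openssl_verify error: $e");
        }
    }
    return false;
}

// How each documented return value is classified by the two checks.
foreach ([1, 0, -1, false] as $rc) {
    printf("rc=%-5s loose=%-5s strict=%s\n", var_export($rc, true),
        var_export(loose_check($rc), true), var_export(strict_check($rc), true));
}

// Constructed sample: throwaway RSA key pair generated at run time.
$key = openssl_pkey_new(['private_key_bits' => 2048,
                         'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) {
    exit("key generation failed; check the local OpenSSL configuration\n");
}
$pub = openssl_pkey_get_details($key)['key'];
$msg = 'constructed sample message';
openssl_sign($msg, $sig, $key, OPENSSL_ALGO_SHA256);

var_dump(verify_signature($msg, $sig, $pub));        // untampered message
var_dump(verify_signature($msg . 'x', $sig, $pub));  // tampered message
```

When auditing other PHP code for the same pattern, look for `openssl_verify(` used directly inside an `if (...)` condition or negated with `!`, rather than compared with `=== 1`.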

Solution

Upgrade to Moodle version 2.0.5, 2.1.2, or later.