Multiple vulnerabilities in Moodle
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2012-3387 CVE-2012-3388 CVE-2012-3389 CVE-2012-3394 CVE-2012-3396 CVE-2012-3397 |
| CWE-ID | CWE-264 CWE-79 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Moodle Web applications / Other software |
| Vendor | moodle.org |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU43787
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-3387
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to manipulate data.
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.3
CPE2.3 External linkshttps://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948
https://openwall.com/lists/oss-security/2012/07/17/1
https://secunia.com/advisories/49890
https://www.securityfocus.com/bid/54481
https://exchange.xforce.ibmcloud.com/vulnerabilities/76954
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU43788
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-3388
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to manipulate data.
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.2 - 2.3
CPE2.3 External linkshttps://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
https://openwall.com/lists/oss-security/2012/07/17/1
https://secunia.com/advisories/49890
https://www.securityfocus.com/bid/54481
https://exchange.xforce.ibmcloud.com/vulnerabilities/76955
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU43789
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-3389
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 when processing the (1) lti_typename or (2) lti_toolurl parameter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.2 - 2.3
CPE2.3 External linkshttps://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692
https://openwall.com/lists/oss-security/2012/07/17/1
https://secunia.com/advisories/49890
https://www.securityfocus.com/bid/54481
https://exchange.xforce.ibmcloud.com/vulnerabilities/76965
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU43794
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2012-3394
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.1 - 2.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7
https://openwall.com/lists/oss-security/2012/07/17/1
https://secunia.com/advisories/49890
https://www.securityfocus.com/bid/54481
https://exchange.xforce.ibmcloud.com/vulnerabilities/76960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU43796
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-3396
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.0 - 2.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045
https://openwall.com/lists/oss-security/2012/07/17/1
https://secunia.com/advisories/49890
https://www.securityfocus.com/bid/54481
https://exchange.xforce.ibmcloud.com/vulnerabilities/76962
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU43797
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2012-3397
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to manipulate data.
lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.0 - 2.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466
https://openwall.com/lists/oss-security/2012/07/17/1
https://secunia.com/advisories/49890
https://www.securityfocus.com/bid/54481
https://exchange.xforce.ibmcloud.com/vulnerabilities/76963
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
