Multiple vulnerabilities in Moodle

1) Information disclosure

EUVDB-ID: #VU42953

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-1832

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote #AU# to gain access to sensitive information.

repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.0 - 2.4.1

CPE2.3

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
https://openwall.com/lists/oss-security/2013/03/25/2
https://moodle.org/mod/forum/discuss.php?d=225343

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Cross-site scripting

EUVDB-ID: #VU42954

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-1833

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via a crafted filename. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.0 - 2.4.1

CPE2.3

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
https://openwall.com/lists/oss-security/2013/03/25/2
https://moodle.org/mod/forum/discuss.php?d=225344

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU42955

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-1834

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote #AU# to manipulate data.

notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 1.9 - 2.4.1

CPE2.3

cpe:2.3:a:moodle_org:moodle:1.9.19:*:*:*:*:*:*:*

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37411
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
https://openwall.com/lists/oss-security/2013/03/25/2
https://moodle.org/mod/forum/discuss.php?d=225346

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU42956

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-1835

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote #AU# to gain access to sensitive information.

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.0 - 2.4.1

CPE2.3

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
https://openwall.com/lists/oss-security/2013/03/25/2
https://moodle.org/mod/forum/discuss.php?d=225347

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU42957

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-1836

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote #AU# to read and manipulate data.

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.0 - 2.4.1

CPE2.3

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
https://openwall.com/lists/oss-security/2013/03/25/2
https://moodle.org/mod/forum/discuss.php?d=225348

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU42959

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-1831

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 1.1.1 - 2.4.1

CPE2.3

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
https://openwall.com/lists/oss-security/2013/03/25/2
https://moodle.org/mod/forum/discuss.php?d=225342

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU42960

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-1829

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote #AU# to gain access to sensitive information.

calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Moodle: 2.4 - 2.4.1

CPE2.3

External links

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37338
https://openwall.com/lists/oss-security/2013/03/25/2
https://moodle.org/mod/forum/discuss.php?d=225339

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	Medium
Patch available	YES
Number of vulnerabilities	7
CVE-ID	CVE-2013-1832 CVE-2013-1833 CVE-2013-1834 CVE-2013-1835 CVE-2013-1836 CVE-2013-1831 CVE-2013-1829
CWE-ID	CWE-200 CWE-79 CWE-264
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Moodle Web applications / Other software
Vendor	moodle.org