Multiple vulnerabilities in Moodle
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2015-2273 CVE-2015-2272 CVE-2015-2271 CVE-2015-2270 CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 |
| CWE-ID | CWE-79 CWE-264 CWE-20 CWE-399 CWE-284 CWE-200 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
Moodle Web applications / Other software |
| Vendor | moodle.org |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU40738
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-2273
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform XSS attacks.
The vulnerability is caused by an input validation error in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.5 - 2.8.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.8.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
https://openwall.com/lists/oss-security/2015/03/16/1
https://moodle.org/mod/forum/discuss.php?d=307387
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU40739
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-2272
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to manipulate data.
login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.5 - 2.8.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.8.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691
https://openwall.com/lists/oss-security/2015/03/16/1
https://www.securityfocus.com/bid/73166
https://moodle.org/mod/forum/discuss.php?d=307386
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU40740
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-2271
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to manipulate data.
tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as inappropriate" feature.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.5 - 2.8.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.8.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084
https://openwall.com/lists/oss-security/2015/03/16/1
https://moodle.org/mod/forum/discuss.php?d=307385
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU40741
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-2270
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.5 - 2.8.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.8.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804
https://openwall.com/lists/oss-security/2015/03/16/1
https://moodle.org/mod/forum/discuss.php?d=307384
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU40742
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2015-2269
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via a (1) alt or (2) title attribute in an IMG element. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.5 - 2.8.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.8.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144
https://openwall.com/lists/oss-security/2015/03/16/1
https://moodle.org/mod/forum/discuss.php?d=307383
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Resource management error
EUVDB-ID: #VU40743
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-2268
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.5 - 2.8.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.8.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466
https://openwall.com/lists/oss-security/2015/03/16/1
https://moodle.org/mod/forum/discuss.php?d=307382
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper access control
EUVDB-ID: #VU40744
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-2267
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to manipulate data.
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.5 - 2.8.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.8.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087
https://openwall.com/lists/oss-security/2015/03/16/1
https://moodle.org/mod/forum/discuss.php?d=307381
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU40745
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-2266
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to gain access to sensitive information.
message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL.
MitigationInstall update from vendor's website.
Vulnerable software versionsMoodle: 2.5 - 2.8.3
CPE2.3- cpe:2.3:a:moodle_org:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:2.8.3:*:*:*:*:*:*:*
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204
https://openwall.com/lists/oss-security/2015/03/16/1
https://moodle.org/mod/forum/discuss.php?d=307380
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
