SB2020092106 - Multiple vulnerabilities in Moodle


Published: September 21, 2020 Updated: June 20, 2021

Security Bulletin ID: SB2020092106
Severity: Medium
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 20%, Low: 80%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Stored cross-site scripting (CVE-ID: CVE-2020-25627)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the moodlenetprofile user profile field. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


2) Cross-site scripting (CVE-ID: CVE-2020-25628)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed to the filter in the admin task log. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Improper Authorization (CVE-ID: CVE-2020-25629)

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to an error within the "Log in as" feature. A remote user with "Log in as" capability in a course context (typically, course managers) can gain access to some site administration capabilities by "logging in as" a System manager.


4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-25630)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the decompressed size of zip files is not checked against the available user quota before they are unzipped by the file picker's unzip functionality. A remote attacker can trick the victim into unzipping a large archive and thereby perform a denial of service (DoS) attack.
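
The missing check described for item 4 is a quota comparison before and during extraction. The following is an added illustration of that check in Python; it is not Moodle's code, and the archive, quota values and `extract_within_quota` helper are constructed for the example. It goes one step beyond the bulletin's description: because the sizes recorded in a zip's central directory can be forged, it also counts the bytes actually inflated and aborts as soon as the running total exceeds the remaining quota.

```python
import io
import zipfile

CHUNK = 64 * 1024


def build_sample_archive() -> bytes:
    """Constructed sample: a tiny text file plus 2 MiB of zeros, which deflates to a few KiB."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", b"hello world\n")
        zf.writestr("big.bin", b"\0" * (2 * 1024 * 1024))
    return buf.getvalue()


def declared_uncompressed_size(archive: bytes) -> int:
    """Cheap pre-check: sum the uncompressed sizes recorded in the central directory."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return sum(info.file_size for info in zf.infolist())


def extract_within_quota(archive: bytes, used_bytes: int, quota_bytes: int) -> dict:
    """Extract only if the archive fits in the user's remaining quota.

    First rejects on the declared sizes, then counts the bytes actually inflated
    and raises ValueError the moment the running total exceeds what is left.
    Returns {entry name: bytes written} on success.
    """
    remaining = quota_bytes - used_bytes
    if declared_uncompressed_size(archive) > remaining:
        raise ValueError("archive would exceed user quota (declared size)")
    written = {}
    total = 0
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            out = io.BytesIO()  # stands in for the user's file area
            with zf.open(info) as src:
                while chunk := src.read(CHUNK):
                    total += len(chunk)
                    if total > remaining:
                        raise ValueError("archive would exceed user quota (while inflating)")
                    out.write(chunk)
            written[info.filename] = out.tell()
    return written


def fits_quota(archive: bytes, used_bytes: int, quota_bytes: int) -> bool:
    """True if extraction completed within the quota, False if it was refused."""
    try:
        extract_within_quota(archive, used_bytes, quota_bytes)
        return True
    except ValueError:
        return False
```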


5) Cross-site scripting (CVE-ID: CVE-2020-25631)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via a book's chapter title. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


Remediation

Install the update from the vendor's website.