Multiple vulnerabilities in Moodle
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-25627 CVE-2020-25628 CVE-2020-25629 CVE-2020-25630 CVE-2020-25631 |
| CWE-ID | CWE-79 CWE-285 CWE-264 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Moodle Web applications / Other software |
| Vendor | moodle.org |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Stored cross-site scripting
EUVDB-ID: #VU46834
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear]
CVE-ID: CVE-2020-25627
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via moodlenetprofile user profile field. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMoodle: 3.9.0 - 3.9.1
CPE2.3 External linkshttps://moodle.org/mod/forum/discuss.php?d=410839
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU46835
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25628
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed to the filter in the admin task log. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMoodle: 3.0 - 3.9.1
CPE2.3- cpe:2.3:a:moodle_org:moodle:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:3.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:3.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:3.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:3.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:3.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:3.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:3.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle_org:moodle:3.8.4:*:*:*:*:*:*:*
https://moodle.org/mod/forum/discuss.php?d=410840
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Authorization
EUVDB-ID: #VU46836
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-25629
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to an error within the "Log in as" feature. A remote user with "Log in as" capability in a course context (typically, course managers) can gain access to some site administration capabilities by "logging in as" a System manager.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMoodle: 3.0 - 3.9.1
CPE2.3https://moodle.org/mod/forum/discuss.php?d=410841
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU46837
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25630
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the decompressed size of zip files is not checked against available user quota before unzipping them in the file picker unzip functionality. A remote attacker trick the victim to unzip a large archive and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMoodle: 3.0 - 3.9.1
CPE2.3https://moodle.org/mod/forum/discuss.php?d=410842
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU46838
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-25631
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via a book's chapter title. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMoodle: 3.7.0 beta - 3.9.1
CPE2.3https://moodle.org/mod/forum/discuss.php?d=410843
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
