SB2021071911 - Multiple vulnerabilities in Moodle
Published: July 19, 2021 Updated: October 25, 2024
Description
This security bulletin contains information about 12 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2021-36403)
The vulnerability allows a remote attacker to perform a phishing attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing email notifications containing HTML. In some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
2) Input validation error (CVE-ID: CVE-2021-36402)
The vulnerability allows a remote attacker to perform phishing attacks.
The vulnerability exists due to insufficient validation of user-supplied input when processing user names in account confirmation emails. A remote attacker can modify email contents via a specially crafted username and perform a phishing attack.
3) Stored cross-site scripting (CVE-ID: CVE-2021-36401)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied input when exporting to data formats that support HTML. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
4) Externally Controlled Reference to a Resource in Another Sphere (CVE-ID: CVE-2021-36400)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect permissions checks when deleting calendar URLs. A remote user can delete calendar URLs that belong to other application users.
5) Stored cross-site scripting (CVE-ID: CVE-2021-36399)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the user ID number to quiz override screens. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
6) Stored cross-site scripting (CVE-ID: CVE-2021-36398)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via the user ID number to the web service token list. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
7) Externally Controlled Reference to a Resource in Another Sphere (CVE-ID: CVE-2021-36397)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to insufficient permissions checks when deleting messages. A remote user can delete messages that belong to other web application users.
8) Blind server-side request forgery (SSRF) (CVE-ID: CVE-2021-36396)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can bypass the cURL blocked hosts / allowed ports restrictions and trick the application into initiating requests to arbitrary systems.
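As an added illustration of the kind of outbound-URL policy the bulletin refers to (blocked hosts plus an allowed-port list), the following is example code written for this page, not Moodle's own implementation; the network list, port set and helper names are assumptions. It resolves every address behind a hostname, unwraps IPv4-mapped IPv6 literals, and rejects the request if any resolved address falls in a blocked range, which is the check a defender wants when reviewing SSRF filters.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed policy (assumption, not Moodle's configuration):
# private, loopback and link-local ranges are blocked, only 80/443 allowed.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
ALLOWED_PORTS = {80, 443}


def resolve(host):
    """Return every IP address for host; IP literals pass through unchanged."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        pass
    infos = socket.getaddrinfo(host, None)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_url_allowed(url, resolver=resolve):
    """Return (allowed, reason) after checking scheme, port and all addresses.

    resolver is injectable so the policy can be tested without DNS access.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme"
    if not parts.hostname:
        return False, "no host"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "bad port"
    if port not in ALLOWED_PORTS:
        return False, "port"
    try:
        addrs = resolver(parts.hostname)
    except (socket.gaierror, ValueError):
        return False, "unresolvable"
    for addr in addrs:
        # ::ffff:127.0.0.1 is loopback too; compare the embedded IPv4 address.
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if any(addr in net for net in BLOCKED_NETWORKS):
            return False, "blocked address"
    return True, "ok"
```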
9) Uncontrolled Recursion (CVE-ID: CVE-2021-36395)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of file repository URLs. A remote attacker can create a specially crafted file repository URL and perform a denial of service attack.
10) Code Injection (CVE-ID: CVE-2021-36394)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Shibboleth authentication plugin. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) SQL injection (CVE-ID: CVE-2021-36393)
The vulnerability allows a remote user to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the library that fetches a user's recent courses. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
12) SQL injection (CVE-ID: CVE-2021-36392)
The vulnerability allows a remote user to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data when fetching enrolled courses. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
Remediation
Install the update from the vendor's website.
References
- https://moodle.org/mod/forum/discuss.php?d=424809
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71919
- https://tracker.moodle.org/browse/MDL-71919
- https://moodle.org/mod/forum/discuss.php?d=424808
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58393
- https://tracker.moodle.org/browse/MDL-58393
- https://moodle.org/mod/forum/discuss.php?d=424807
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71981
- https://tracker.moodle.org/browse/MDL-71981
- https://moodle.org/mod/forum/discuss.php?d=424806
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71978
- https://tracker.moodle.org/browse/MDL-71978
- https://moodle.org/mod/forum/discuss.php?d=424805
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71898
- https://tracker.moodle.org/browse/MDL-71898
- https://moodle.org/mod/forum/discuss.php?d=424804
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71760
- https://tracker.moodle.org/browse/MDL-71760
- https://moodle.org/mod/forum/discuss.php?d=424803
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71917
- https://tracker.moodle.org/browse/MDL-71917
- https://moodle.org/mod/forum/discuss.php?d=424802
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71916
- https://tracker.moodle.org/browse/MDL-71916
- https://moodle.org/mod/forum/discuss.php?d=424801
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71922
- https://tracker.moodle.org/browse/MDL-71922
- https://moodle.org/mod/forum/discuss.php?d=424799
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71957
- https://tracker.moodle.org/browse/MDL-71957
- https://moodle.org/mod/forum/discuss.php?d=424798
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71242
- https://tracker.moodle.org/browse/MDL-71242
- https://github.com/T0X1Cx/CVE-2021-36393-Exploit
- https://moodle.org/mod/forum/discuss.php?d=424797
- https://tracker.moodle.org/browse/MDL-71241
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71241