Multiple vulnerabilities in Moodle



Published: 2024-05-15
Risk High
Patch available YES
Number of vulnerabilities 14
CVE-ID CVE-2024-34008
CVE-2024-34000
CVE-2024-34001
CVE-2024-34002
CVE-2024-34003
CVE-2024-34006
CVE-2024-34007
CVE-2024-33999
CVE-2024-33996
CVE-2024-33997
CVE-2024-33998
CVE-2024-34004
CVE-2024-34005
CVE-2024-34009
CWE-ID CWE-352
CWE-79
CWE-98
CWE-254
CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Moodle
Web applications / Other software

Vendor moodle.org

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Cross-site request forgery

EUVDB-ID: #VU89527

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34008

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in analytics management of models. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458397
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81059


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stored cross-site scripting

EUVDB-ID: #VU89546

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34000

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in lesson overview report via user ID number. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458388
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81062


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cross-site request forgery

EUVDB-ID: #VU89545

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34001

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in admin preset tool management of presets. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458389


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) PHP file inclusion

EUVDB-ID: #VU89544

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34002

CWE-ID: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program

Exploit availability: No

Description

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in some misconfigured shared hosting environments via modified mod_feedback backup. A remote user can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458390
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81135


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) PHP file inclusion

EUVDB-ID: #VU89543

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34003

CWE-ID: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program

Exploit availability: No

Description

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in some misconfigured shared hosting environments via modified mod_workshop backup. A remote user can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458391
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80712


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Cross-site scripting

EUVDB-ID: #VU89542

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34006

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in site log for config_log_created. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458395
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80585


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cross-site request forgery

EUVDB-ID: #VU89541

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34007

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in admin/tool/mfa/auth.php. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.3.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458396
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80877


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Security features bypass

EUVDB-ID: #VU89539

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33999

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php. A remote attacker can bypass authentication.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.3.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458387
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80878


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper access control

EUVDB-ID: #VU89536

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33996

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions when setting calendar event type. A remote user can create events with types/audiences they are not have permission to publish to.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458384
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81247


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stored cross-site scripting

EUVDB-ID: #VU89534

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33997

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when editing another user's equation in equation editor. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458385
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81352


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Stored cross-site scripting

EUVDB-ID: #VU89533

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33998

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within user's name on participants page when opening some options. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458386
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81354


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) PHP file inclusion

EUVDB-ID: #VU89532

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34004

CWE-ID: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program

Exploit availability: No

Description

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in some misconfigured shared hosting environments via modified mod_wiki backup. A remote user can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458393
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81284


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) PHP file inclusion

EUVDB-ID: #VU89530

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34005

CWE-ID: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program

Exploit availability: No

Description

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in some misconfigured shared hosting environments via modified mod_data backup. A remote user can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.0.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458394
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81267


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper access control

EUVDB-ID: #VU89528

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34009

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the ReCAPTCHA can be bypassed on the login page. A remote attacker can bypass the checks on the login page.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Moodle: 4.3.0 - 4.3.3

CPE2.3 External links

http://moodle.org/mod/forum/discuss.php?d=458398
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81463


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###