SB2024051524 - Multiple vulnerabilities in Moodle
Published: May 15, 2024

Security Bulletin ID: SB2024051524
Severity: High
Patch available: Yes
Number of vulnerabilities: 14
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 7%
Medium: 36%
Low: 57%
Critical: 0%

Description

This security bulletin contains information about 14 security vulnerabilities.


1) Cross-site request forgery (CVE-ID: CVE-2024-34008)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in the analytics management of models. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


2) Stored cross-site scripting (CVE-ID: CVE-2024-34000)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the lesson overview report via the user ID number. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Cross-site request forgery (CVE-ID: CVE-2024-34001)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in the admin preset tool management of presets. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


4) PHP file inclusion (CVE-ID: CVE-2024-34002)

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in some misconfigured shared hosting environments via a modified mod_feedback backup. A remote user can send a specially crafted HTTP request to the affected application and include and execute arbitrary PHP code on the system with the privileges of the web server.


5) PHP file inclusion (CVE-ID: CVE-2024-34003)

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in some misconfigured shared hosting environments via a modified mod_workshop backup. A remote user can send a specially crafted HTTP request to the affected application and include and execute arbitrary PHP code on the system with the privileges of the web server.


6) Cross-site scripting (CVE-ID: CVE-2024-34006)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the site log for config_log_created. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


7) Cross-site request forgery (CVE-ID: CVE-2024-34007)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in admin/tool/mfa/auth.php. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


8) Security features bypass (CVE-ID: CVE-2024-33999)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php. Because the Referer header is supplied by the client, a remote attacker can bypass authentication.


9) Improper access control (CVE-ID: CVE-2024-33996)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions when setting the calendar event type. A remote user can create events with types or audiences they do not have permission to publish to.


10) Stored cross-site scripting (CVE-ID: CVE-2024-33997)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when editing another user's equation in the equation editor. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


11) Stored cross-site scripting (CVE-ID: CVE-2024-33998)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within a user's name on the participants page when opening some options. A remote attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


12) PHP file inclusion (CVE-ID: CVE-2024-34004)

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in some misconfigured shared hosting environments via a modified mod_wiki backup. A remote user can send a specially crafted HTTP request to the affected application and include and execute arbitrary PHP code on the system with the privileges of the web server.


13) PHP file inclusion (CVE-ID: CVE-2024-34005)

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in some misconfigured shared hosting environments via a modified mod_data backup. A remote user can send a specially crafted HTTP request to the affected application and include and execute arbitrary PHP code on the system with the privileges of the web server.


14) Improper access control (CVE-ID: CVE-2024-34009)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the ReCAPTCHA on the login page can be bypassed. A remote attacker can bypass the checks on the login page.


Remediation

Install the update from the vendor's website.