Security announcements

MSA-23-0033: XSS risk when using CSV grade import method

Posted by Michael Hawkins

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
Severity/Risk: Minor
Versions affected: 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions
Versions fixed: 4.2.3, 4.1.6, 4.0.11, 3.11.17 and 3.9.24
Reported by: Attilio Ferrari
Workaround: Verify the contents and trustworthiness of grade spreadsheets before importing them.
CVE identifier: CVE-2023-5541
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426
Tracker issue: MDL-79426 XSS risk when using CSV grade import method

MSA-23-0032: Authenticated remote code execution risk in IMSCP

Posted by Michael Hawkins

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
Severity/Risk: Serious
Versions affected: 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions
Versions fixed: 4.2.3, 4.1.6, 4.0.11, 3.11.17 and 3.9.24
Reported by: Vincent Schneider (cli-ish)
CVE identifier: CVE-2023-5540
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409
Tracker issue: MDL-79409 Authenticated remote code execution risk in IMSCP

MSA-23-0031: Authenticated remote code execution risk in Lesson

Posted by Michael Hawkins

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
Severity/Risk: Serious
Versions affected: 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions
Versions fixed: 4.2.3, 4.1.6, 4.0.11, 3.11.17 and 3.9.24
Reported by: Vincent Schneider (cli-ish)
CVE identifier: CVE-2023-5539
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408
Tracker issue: MDL-79408 Authenticated remote code execution risk in Lesson

MSA-23-0030: Quiz sequential navigation bypass possible

Posted by Michael Hawkins

Insufficient limitations made it possible for students to bypass sequential navigation during a quiz attempt.
Severity/Risk: Minor
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Abhijit A M
CVE identifier: CVE-2023-40325
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71728
Tracker issue: MDL-71728 Quiz sequential navigation bypass possible

MSA-23-0029: Competency framework tools are not restricted as intended

Posted by Michael Hawkins

Insufficient capability checks resulted in competency framework tools being available to users without the relevant capability.
Severity/Risk: Minor
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Michael Hawkins
CVE identifier: CVE-2023-40324
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66212
Tracker issue: MDL-66212 Competency framework tools are not restricted as intended

MSA-23-0028: Open redirect risk on admin view all policies page

Posted by Michael Hawkins

The admin view all policies page URL required additional sanitizing to prevent an open redirect risk.
Severity/Risk: Minor
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Darko Miletic
CVE identifier: CVE-2023-40323
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78763
Tracker issue: MDL-78763 Open redirect risk on admin view all policies page

MSA-23-0027: JQuery UI library upgraded to 1.13.2 (upstream)

Posted by Michael Hawkins

The jQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for security issues.
Severity/Risk: Minor
Versions affected: 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 3.11.16 and 3.9.23
Reported by: Wolf Ventir
CVE identifier: CVE-2022-31160, CVE-2021-41184, CVE-2021-41183 and CVE-2021-41182
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74544
Tracker issue: MDL-74544 JQuery UI library upgraded to 1.13.2 (upstream)

MSA-23-0026: IDOR in message processor fragments allows fetching of other users' data

Posted by Michael Hawkins

Insufficient capability checks made it possible to fetch other users' message processor preferences data.
Severity/Risk: Minor
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Paul Holden
CVE identifier: CVE-2023-40322
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78792
Tracker issue: MDL-78792 IDOR in message processor fragments allows fetching of other users' data

MSA-23-0025: phpCAS library upgraded to 1.6.0 (upstream)

Posted by Michael Hawkins

The phpCAS library included with Moodle has been upgraded to version 1.6.0, which includes a fix for a serious security issue.
Severity/Risk: Serious
Versions affected: 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.0.10, 3.11.16 and 3.9.23
Reported by: Julien Boulen
CVE identifier: CVE-2022-39369
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78620
Tracker issue: MDL-78620 phpCAS library upgraded to 1.6.0 (upstream)

MSA-23-0024: Private course participant data available from external grade report method

Posted by Michael Hawkins

Insufficient capability checks resulted in course participant data being available to other participants in the course who would not otherwise have access to the information.
Severity/Risk: Minor
Versions affected: 4.2 to 4.2.1
Versions fixed: 4.2.2
Reported by: Paul Holden
CVE identifier: CVE-2023-40321
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78871
Tracker issue: MDL-78871 Private course participant data available from external grade report method