Home page logo
/

oss-sec logo oss-sec mailing list archives

Moodle security notifications public
From: Michael de Raadt <michaeld () moodle com>
Date: Mon, 21 Jan 2013 10:20:15 +0800

The following security notifications have now been made public. Thanks to OSS members for their cooperation.

=======================================================================
MSA-13-0001: Security issue in Google Spellchecker in TinyMCE

Description:       A security issue was reported by TinyMCE. This fix
                   has been applied to Moodle.
Issue summary:     import tinymce spellchecker 2.0.6.1
Severity/Risk:     Serious
Versions affected: 2.4, 2.3 to 2.3.3+, 2.2 to 2.2.6+, 2.1 to 2.1.9+
Reported by:       Petr Škoda
Issue no.:         MDL-37283
CVE Identifier:    CVE-2012-6112
Workaround:        Disable spellchecker plugin
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283

=======================================================================
MSA-13-0002: Capability issue with Outcome editing

Description:       Users without the appropriate capability were able
                   to set a custom outcome they had created as a
                   standard site-wide capability when editing that
                   outcome.
Issue summary:     Teachers can set Outcomes to be Standard when
                   re-editing
Severity/Risk:     Minor
Versions affected: 2.4, 2.3 to 2.3.3+, 2.2 to 2.2.6+, 2.1 to 2.1.9+
                   1.9 to 1.9.19
Reported by:       Elena Ivanova
Issue no.:         MDL-27619
CVE Identifier:    CVE-2012-6098
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619

=======================================================================
MSA-13-0003: Potential server file access through backup restoration

Description:       Paths in backups to restorable files were not being
                   sufficiently validated and could be manipulated to
                   gain access to files on the server.
Issue summary:     moodle1 backup converter path not properly validated
Severity/Risk:     Serious
Versions affected: 2.4, 2.3 to 2.3.3+, 2.2 to 2.2.6+, 2.1 to 2.1.9+
Reported by:       Dan Poltawski
Issue no.:         MDL-36977
CVE Identifier:    CVE-2012-6099
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977

=======================================================================
MSA-13-0004: Information leak through activity report

Description:       Under certain circumstances, when last access is
                   included in a list of fields forced to be hidden,
                   the Activity report would still reveal users' last
                   access.
Issue summary:     Activity Report showing lastaccess even if it is a
                   hidden field
Severity/Risk:     Minor
Versions affected: 2.4, 2.3 to 2.3.3+, 2.2 to 2.2.6+
Reported by:       Jody Steele
Issue no.:         MDL-33340
CVE Identifier:    CVE-2012-6100
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340

=======================================================================
MSA-13-0005: Potential phishing attack through URL redirects

Description:       Insufficient filtering of return URLs on some pages
                   was allowing redirects to sites outside Moodle.
Issue summary:     Open redirect issues
Severity/Risk:     Minor
Versions affected: 2.4, 2.3 to 2.3.3+, 2.2 to 2.2.6+
Reported by:       Simon Coggins
Issue no.:         MDL-35991
CVE Identifier:    CVE-2012-6101
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991

=======================================================================
MSA-13-0006: Potential information leak in Assignment module

Description:       Through URL manipulation, students were able to view
                   feedback comments provided on other student's
                   submissions.
Issue summary:     Assignment comment permissions are not being
                   validated
Severity/Risk:     Serious
Versions affected: 2.4, 2.3 to 2.3.3+
Reported by:       Dan Poltawski
Issue no.:         MDL-37244
CVE Identifier:    CVE-2012-6102
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37244

=======================================================================
MSA-13-0007: Potential exploit in messaging

Description:       The messaging system was not checking the user's
                   session correctly when messages are sent.
Issue summary:     Course message sending can be exploited by CSRF
Severity/Risk:     Minor
Versions affected: 2.4, 2.3 to 2.3.3+, 2.2 to 2.2.6+
Reported by:       Andrew Nicols
Issue no.:         MDL-36600
CVE Identifier:    CVE-2012-6103
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600

=======================================================================
MSA-13-0008: Information leak through Blog RSS

Description:       Blog posts that were hidden from guest users in the
                   Web interface were being included in the related RSS
                   feed.
Issue summary:     Guest users can access RSS feed for site level blogs
Severity/Risk:     Minor
Versions affected: 2.4, 2.3 to 2.3.3+, 2.2 to 2.2.6+
Reported by:       Charles Fulton
Issue no.:         MDL-36620
CVE Identifier:    CVE-2012-6104
Workaround:        Disable blogging
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620

=======================================================================
MSA-13-0009: Information leak through Blog RSS

Description:       Blog posts were still accessible via the blog RSS
                   feed, even after blogging was disabled globally.
Issue summary:     Blog posts still available via RSS even after the
                   blogging is disabled
Severity/Risk:     Minor
Versions affected: 2.4, 2.3 to 2.3.3+, 2.2 to 2.2.6+, 2.1 to 2.1.9+
Reported by:       David Mudrak
Issue no.:         MDL-37467
CVE Identifier:    CVE-2012-6105
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37467

=======================================================================
MSA-13-0010: Failure to check capabilities in calendar

Description:       Students were able to delete course level calendar
                   subscriptions created by teachers.
Issue summary:     Student user able to Remove imported calendar from
                   Manage Subscriptions
Severity/Risk:     Minor
Versions affected: 2.4
Reported by:       David O'Brien
Issue no.:         MDL-37106
CVE Identifier:    CVE-2012-6106
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37106


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]