oss-sec mailing list archives
Moodle security notifications public
From: Michael de Raadt <michaeld () moodle com>
Date: Tue, 17 Jul 2012 09:02:55 +0800
The following security notifications have now been made public. Thanks to OSS members for their cooperation.
=======================================================================
MSA-12-0039: File upload validation issue

Topic: file_save_draft_area_files() does not validate references are allowed
Severity/Risk: Minor
Versions affected: 2.3
Reported by: Petr Škoda
Issue no.: MDL-33948
CVE Identifier: CVE-2012-3387
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948

Description: Where file shortcuts/aliases were not permitted, this was being validated at the client, but not on the server.

=======================================================================
MSA-12-0040: Capabilities issue through caching

Topic: lib/accesslib.php is_enrolled doesn't check capabilities for cached users
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by: Andrew Nicols
Issue no.: MDL-33916
CVE Identifier: CVE-2012-3388
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916

Description: Capability checks were not working properly after a user record had been cached.

=======================================================================
MSA-12-0041: XSS issue in LTI module

Topic: XSS vulnerabilities in /mod/lti/typessettings.php (POST parameters: lti_typename, lti_toolurl)
Severity/Risk: Serious
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by: Dan Poltawski
Issue no.: MDL-31692
CVE Identifier: CVE-2012-3389
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692

Description: Parameters used by the LTI (External tool) module were not being sufficiently cleaned.

=======================================================================
MSA-12-0042: File access issue in blocks

Topic: Missing permissions check in pluginfile for blocks
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Juan Leyva
Issue no.: MDL-32155
Workaround: Do not embed sensitive documents in HTML blocks
CVE Identifier: CVE-2012-3390
Changes (2.2): http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d

Description: Files embedded by a block (e.g., the HTML block) were accessible after the block had been hidden.

=======================================================================
MSA-12-0043: Early information access issue in forum

Topic: Forum displays Q&A posts in RSS feeds before users have correct access
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Andrew Nicols
Issue no.: MDL-32199
Workaround: Do not provide RSS access to Q&A forums
CVE Identifier: CVE-2012-3391
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199

Description: Q&A forum posts should not be visible to students until they have contributed a post, however an RSS feed from such a forum was displaying all posts.

=======================================================================
MSA-12-0044: Capability check issue in forum subscriptions

Topic: Add some capability checks etc to mod/forum/unsubscribeall.php
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Andrew Davis
Issue no.: MDL-31460
CVE Identifier: CVE-2012-3392
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-31460

Description: The capability for students to unsubscribe from forums was not being checked properly.

=======================================================================
MSA-12-0045: Injection potential in admin for repositories

Topic: HTML/JS Injection possible in repository names
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Daniel Compton
Issue no.: MDL-33808
CVE Identifier: CVE-2012-3393
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808

Description: The administration setting that allowed renaming of repositories was not being filtered.

=======================================================================
MSA-12-0046: Insecure protocol redirection in LDAP authentication

Topic: redirect() "forgets" https
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Christophe
Issue no.: MDL-23254
CVE Identifier: CVE-2012-3394
Changes (2.2): http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7

Description: Users redirected during a login utilising LDAP were being redirected from https to http protocol.

=======================================================================
MSA-12-0047: SQL injection potential in Feedback module

Topic: Feedback module abuses data_submitted
Severity/Risk: Serious
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Dan Marsden
Issue no.: MDL-27675
CVE Identifier: CVE-2012-3395
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675

Description: The Feedback module was accepting some form data without filtering.

=======================================================================
MSA-12-0048: Possible XSS in cohort administration

Topic: Possible XSS vuln caused by MDL-31691 commit
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Eugene
Issue no.: MDL-34045
CVE Identifier: CVE-2012-3396
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045

Description: Fields used in the administration of cohorts were not being correctly filtered.

=======================================================================
MSA-12-0049: Group restricted activity displayed to all users

Topic: Grouping restriction settings not applied correctly when Restrict Access set to greyed-out
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Luke Tucker
Issue no.: MDL-33466
CVE Identifier: CVE-2012-3397
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466

Description: "Restrict access" conditions were incorrectly overriding grouping settings when displaying activities.

=======================================================================
MSA-12-0050: Potential DOS attack through database activity

Topic: database activity advanced search can be very dangerous (backport of MDL-17327)
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+, 1.9 to 1.9.18+
Reported by: Séverin Terrier
Issue no.: MDL-32126
CVE Identifier: CVE-2012-3398
Changes (2.2): http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126

Description: Inefficient queries on a database activity with a large number of records could have caused long periods of high CPU load, crippling a system.