MSA-21-0035: Arbitrary file read by site administrators via LaTeX preamble

by Michael Hawkins.  

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.


Severity/Risk:Serious
Versions affected:3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versions
Versions fixed:3.11.3, 3.10.7 and 3.9.10
Reported by:raisin_bugbounty
Workaround:Hard-code the value of the LaTeX preamble into $CFG->forced_plugin_settings['filter_tex']['latexpreamble'] within the site's config.php file.
CVE identifier:CVE-2021-40694
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71240
Tracker issue:MDL-71240 Arbitrary file read by site administrators via LaTeX preamble

Read more https://moodle.org/mod/forum/discuss.php?d=427106&parent=1719328