Educación a distancia Somos Expertos en servicios Moodle

  • Inicio
  • Moodle
    • Productos
    • Servicios
    • Sobre Moodle
    • Sobre Moodle Chile
  • Blog
    • Noticias
      • Seguridad Moodle
      • Planeta Moodle
      • Moodle.org Directo
      • Moodle Buzz
      • Moodle Foro
      • Google News
      • Todas las Noticias
    • Artículos
  • Cotizar

MSA-19-0003: User full name is not escaped in the un-linked userpix page

Detalles
Publicado el 21 Enero 2019
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Michael Hawkins.  

The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.


...
Severity/Risk:Minor
Versions affected:3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions
Versions
Leer más...

MSA-18-0020: Login CSRF vulnerability in login form

Detalles
Publicado el 19 Noviembre 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Michael Hawkins.  

The login form is not protected by a token to prevent login cross-site request forgery.


...
Severity/Risk:Serious
Versions affected:3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier unsupported versions
Versions fixed:3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15
Reported by:Daniel Thatcher
CVE identifier:CVE-2018-16854
Chan
Leer más...

MSA-18-0017: Moodle XML import of ddwtos could lead to intentional remote code execution

Detalles
Publicado el 16 Septiembre 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Michael Hawkins.  

When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.


...
Severity/Risk:Serious
Versions affected:3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and
Leer más...

MSA-18-0018: QuickForm library remote code vulnerability (upstream)

Detalles
Publicado el 16 Septiembre 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Michael Hawkins.  

A security vulnerability was reported against QuickForm, a third party library used by Moodle. Although no attack vector was identified within our software, Moodle has updated to patched versions of QuickForm as a precaution.


...
Severity/Risk:Minor
Versions affected:3.5 to 3.5.1, 3.4 to 3.4.4, 3.3 to 3.3.7, 3.1 to 3.1.13 and
Leer más...

MSA-18-0019: Boost theme - blog search GET parameter insufficiently filtered

Detalles
Publicado el 16 Septiembre 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Michael Hawkins.  

The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.


...
Severity/Risk:Minor
Versions affected:3.5 to 3.5.1, 3.4 to 3.4.4, 3.3 to 3.3.7 and
Leer más...

MSA-18-0014: Privacy data exports include log data

Detalles
Publicado el 15 Julio 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Michael Hawkins.  

No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester. Note this may be a serious privacy consideration for sites processing data exports.


...
Severity/Risk:Minor
Versions affected:3.5, 3.4.3, 3.3 to 3.3.6
Versions fixed:3.5.1, 3.4.4, 3.3.7
Reported by:
Leer más...

MSA-18-0015: Web service core_course_get_categories may return invisible categories

Detalles
Publicado el 15 Julio 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Michael Hawkins.  

It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories. Note this only affects cases where a user has access to manage categories, but does not also have permission to view hidden categories.


...
Severity/Risk:Minor
Versions affected:3.5
Leer más...

MSA-18-0016: Quiz question bank import preview could execute JavaScript

Detalles
Publicado el 15 Julio 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Michael Hawkins.  

When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.


...
Severity/Risk:Minor
Versions affected:3.5, 3.4 to 3.4.3, 3.3 to 3.3.6, 3.2 to 3.2.9, 3.1 to 3.1.12 and earlier unsupported versions
Versions fixed:3.5.1, 3.4.4,
Leer más...

MSA-18-0007: Calculated question type allows remote code execution by Question authors

Detalles
Publicado el 24 Mayo 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Marina Glancy.  

Teacher creating Calculated question can intentionally cause remote code execution on server


...
Severity/Risk:Serious
Versions affected:3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed:3.5, 3.4.3, 3.3.6, 3.2.9 and 3.1.12
Reported by:Robin Peraglie
CVE identifier:CVE-2018-1133
Cha
Leer más...

MSA-18-0008: Users can download any file via portfolio assignment caller class

Detalles
Publicado el 24 Mayo 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Marina Glancy.  

Students who submitted assignments and exported it to portfolios can download any stored Moodle file by changing download URL


...
Severity/Risk:Minor
Versions affected:3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed:3.5, 3.4.3, 3.3.6, 3.2.9 and 3.1.12
Reported by:Brendan Cox
Wor
Leer más...

MSA-18-0009: Portfolio forum caller class allows a user to download any file

Detalles
Publicado el 24 Mayo 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Marina Glancy.  

Students who posted on forum and exported the post to portfolios can download any stored Moodle file by changing download URL


...
Severity/Risk:Minor
Versions affected:3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed:3.5, 3.4.3, 3.3.6, 3.2.9 and 3.1.12
Reported by:Brendan Cox
Wor
Leer más...

MSA-18-0010: User can shift a block from Dashboard to any page

Detalles
Publicado el 24 Mayo 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Marina Glancy.  

Authenticated user are allowed to add HTML blocks containing scripts to their Dashboard and this is normally not a security issue because personal dashboard is visible to this user only. Through this security vulnerability users can move such block to other pages where they can be viewed by other users.


...
Severity/Risk:Serious
V
Leer más...

MSA-18-0011: User who did not agree to the site policies can see the site homepage as if they had full site access

Detalles
Publicado el 24 Mayo 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Marina Glancy.  

Site policies agreement is not checked for logged in users who browse front page and activities on it


...
Severity/Risk:Minor
Versions affected:3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed:3.5, 3.4.3, 3.3.6, 3.2.9 and 3.1.12
Reported by:Marina Glancy
Changes (master):http://g
Leer más...

MSA-18-0012: Portfolio script allows instantiation of class chosen by user

Detalles
Publicado el 24 Mayo 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico
by Marina Glancy.  

Substituting URL in portfolios users can instantiate any class, this can also be exploited by users who are logged in as guests to create a DDoS attack


...
Severity/Risk:Serious
Versions affected:3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed:3.5, 3.4.3, 3.3.6, 3.2.9 and
Leer más...

MSA-18-0005: Unauthenticated users can trigger custom messages to admin via paypal enrol script

Detalles
Escrito por Marina Glancy
Publicado el 26 Marzo 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico

by Marina Glancy.  

Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed


...
Severity/Risk:Serious
Versions affected:3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions
Versions fixed:3.4.2, 3.3.5, 3.2.8 and 3.1.11
Reported by:Brend
Leer más...

MSA-18-0006: Suspended users with OAuth 2 authentication method can still log in to the site

Detalles
Escrito por Marina Glancy
Publicado el 26 Marzo 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico

by Marina Glancy.  

If a user account using OAuth2 authentication method was once confirmed but later suspended, user could still login to the site


...
Severity/Risk:Minor
Versions affected:3.4 to 3.4.1, 3.3 to 3.3.4
Versions fixed:3.4.2 and 3.3.5
Reported by:Helen Foster
CVE identifier:CVE-2018-1082
Changes (master):http://git.moodle.org/gw?p=moodle.git
Leer más...

MSA-18-0001: Server Side Request Forgery in the filepicker

Detalles
Escrito por Marina Glancy
Publicado el 22 Enero 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico

by Marina Glancy.  

By substituting the source URL in the filepicker AJAX request authenticated users are able to retrieve and view any URL. We classify this issue as serious because some cloud hosting providers contain internal resources that can expose data and compromise a server


...
Severity/Risk:Serious
Versions affected:3.4, 3.3 to 3.3.3, 3.2
Leer más...

MSA-18-0002: Setting for blocked hosts list can be bypassed with multiple A record hostnames

Detalles
Escrito por Marina Glancy
Publicado el 22 Enero 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico

by Marina Glancy.  

Moodle setting "cURL blocked hosts list" was introduced in Moodle 3.2 to prevent access to specific addresses (usually internal) when server retrieves URLs requested by the user. PoC was presented how to bypass this restriction by using a DNS record that returns multiple A records for a hostname.


...
Severity/Risk:Minor
Versions
Leer más...

MSA-18-0003: Privilege escalation in quiz web services

Detalles
Escrito por Marina Glancy
Publicado el 22 Enero 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico

by Marina Glancy.  

Quiz web services allow students to see quiz results when it is prohibited in the settings. This web service is used by the mobile app


...
Severity/Risk:Minor
Versions affected:3.4, 3.3 to 3.3.3, 3.2 to 3.2.6 and 3.1 to 3.1.9
Versions fixed:3.4.1, 3.3.4, 3.2.7 and 3.1.10
Reported by:Chirine Nassar
CVE identifier:CVE-2018-1044
Changes
Leer más...

MSA-18-0004: XSS in calendar event name

Detalles
Escrito por Marina Glancy
Publicado el 22 Enero 2018
Categoría: Seguridad
  • Imprimir
  • Correo electrónico

by Marina Glancy.  

It is possible to inject javascript in the event name in the calendar block. Normally capability to create events is only given to trusted users (such as teachers), however it is not marked as having XSS risk, therefore it is considered a security issue.


...
Severity/Risk:Minor
Versions affected:3.3 to 3.3.3, 3.2 to 3.2.6, 3.1 to
Leer más...

Más artículos...

  1. MSA-17-0021: Students can find out email addresses of other students in the same course
  2. MSA-17-0017: XSS in contact form on non-respondents page in non-anonymous feedback
  3. MSA-17-0018: Course reports are not respecting group settings in courses
  4. MSA-17-0019: user_can_view_profile() incorrectly assumes $course as shared course
  5. MSA-17-0020: Admins may not know that exposing vendor directory is a security risk
  6. MSA-17-0006: User fullname disclosure on user preferences page
  7. MSA-17-0014: Course overview block reveals activities in hidden courses
  8. MSA-17-0015: Course creators are able to change system default settings for courses
  9. MSA-17-0016: Authentication bypass vulnerability with old CAS servers
  10. MSA-17-0010: External blog editing takeover
  11. MSA-17-0011: Searching of blogs possible without capability to do it
  12. MSA-17-0012: CSRF in number of courses displayed in the course overview block
  13. MSA-17-0013: Missing permission check when adding forum post attachments in Web Services
  14. MSA-17-0005: SQL injection via user preferences
  15. MSA-17-0007: Global search displays user names for unauthenticated users
  16. MSA-17-0008: XSS in evidence of prior learning
  17. MSA-17-0009: XSS in attachments to evidence of prior learning
  18. MSA-17-0001: System file inclusion when adding own preset file in Boost theme
  19. MSA-17-0002: Incorrect sanitation of attributes in forums
  20. MSA-17-0002: Incorrect sanitation of attributes in forums

Página 6 de 58

  • Inicio
  • Anterior
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • Siguiente
  • Final
  • Home
  • Blog
  • Noticias
  • Todas las Noticias

Moodle-Chile.cl is not affiliated with or endorsed by the Moodle Project.

Powered by TILATAM S.A.