[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Moodle security notifications public
From: Michael de Raadt <michaeld () moodle ! com>
Date: 2012-07-17 1:02:55
Message-ID: 5004B9BF.7080003 () moodle ! com
[Download RAW message or body]
The following security notifications have now been made public. Thanks
to OSS members for their cooperation.
=======================================================================
MSA-12-0039: File upload validation issue
Topic: file_save_draft_area_files() does not validate
references are allowed
Severity/Risk: Minor
Versions affected: 2.3
Reported by: Petr koda
Issue no.: MDL-33948
CVE Identifier: CVE-2012-3387
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948
Description:
Where file shortcuts/aliases were not permitted, this was being
validated at the client, but not on the server.
=======================================================================
MSA-12-0040: Capabilities issue through caching
Topic: lib/accesslib.php is_enrolled doesn't check
capabilities for cached users
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by: Andrew Nicols
Issue no.: MDL-33916
CVE Identifier: CVE-2012-3388
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916
Description:
Capability checks were not working properly after a user record had
been cached.
=======================================================================
MSA-12-0041: XSS issue in LTI module
Topic: XSS vulnerabilities in /mod/lti/typessettings.php
(POST parameters: lti_typename, lti_toolurl)
Severity/Risk: Serious
Versions affected: 2.3, 2.2 to 2.2.3+
Reported by: Dan Poltawski
Issue no.: MDL-31692
CVE Identifier: CVE-2012-3389
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692
Description:
Parameters used by the LTI (External tool) module were not being
sufficiently cleaned.
=======================================================================
MSA-12-0042: File access issue in blocks
Topic: Missing permissions check in pluginfile for blocks
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Juan Leyva
Issue no.: MDL-32155
Workaround: Do not embed sensitive documents in HTML blocks
CVE Identifier: CVE-2012-3390
Changes (2.2):
http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d
Description:
Files embedded by a block (eg., the HTML block) were accessible after
the block had been hidden.
=======================================================================
MSA-12-0043: Early information access issue in forum
Topic: Forum displays Q&A posts in RSS feeds before users
have correct access
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Andrew Nicols
Issue no.: MDL-32199
Workaround: Do not provide RSS access to Q&A forums
CVE Identifier: CVE-2012-3391
Changes (2.2):
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199
Description:
Q&A forum posts should not be visible to students until they have
contributed a post, however an RSS feed from such a forum was
displaying all posts.
=======================================================================
MSA-12-0044: Capability check issue in forum subscriptions
Topic: Add some capability checks etc to
mod/forum/unsubscribeall.php
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Andrew Davis
Issue no.: MDL-31460
CVE Identifier: CVE-2012-3392
Changes (2.2):
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-31460
Description:
The capability for students to unsubscribe from forums was not being
checked properly.
=======================================================================
MSA-12-0045: Injection potential in admin for repositories
Topic: HTML/JS Injection possible in repository names
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+
Reported by: Daniel Compton
Issue no.: MDL-33808
CVE Identifier: CVE-2012-3393
Changes (2.2):
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808
Description:
The administration setting that allowed renaming of repositories
was not being filtered.
=======================================================================
MSA-12-0046: Insecure protocol redirection in LDAP authentication
Topic: redirect() "forgets" https
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Christophe
Issue no.: MDL-23254
CVE Identifier: CVE-2012-3394
Changes (2.2):
http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7
Description:
Users redirected during a login utilising LDAP were being redirected
from https to http protocol.
=======================================================================
MSA-12-0047: SQL injection potential in Feedback module
Topic: Feedback module abuses data_submitted
Severity/Risk: Serious
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Dan Marsden
Issue no.: MDL-27675
CVE Identifier: CVE-2012-3395
Changes (2.2):
http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675
Description:
The Feedback module was accepting some form data without filtering.
=======================================================================
MSA-12-0048: Possible XSS in cohort administration
Topic: Possible XSS vuln caused by MDL-31691 commit
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Eugene
Issue no.: MDL-34045
CVE Identifier: CVE-2012-3396
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045
Description:
Fields used in the administration of cohorts were not being correctly
filtered.
=======================================================================
MSA-12-0049: Group restricted activity displayed to all users
Topic: Grouping restriction settings not applied correctly
when Restrict Access set to greyed-out
Severity/Risk: Minor
Versions affected: 2.3, 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+
Reported by: Luke Tucker
Issue no.: MDL-33466
CVE Identifier: CVE-2012-3397
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466
Description:
"Restrict access" conditions were incorrectly overriding grouping
settings when displaying activities.
=======================================================================
MSA-12-0050: Potential DOS attack through database activity
Topic: database activity advanced search can be very
dangerous (backport of MDL-17327)
Severity/Risk: Minor
Versions affected: 2.2 to 2.2.3+, 2.1 to 2.1.6+, 2.0 to 2.0.9+,
1.9 to 1.9.18+
Reported by: Séverin Terrier
Issue no.: MDL-32126
CVE Identifier: CVE-2012-3398
Changes (2.2):
http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126
Description:
Inefficient queries on a database activity with a large number of
records could have caused long periods of high CPU load, crippling a
system.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic