SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   Moodle Vendors:   moodle.org
Moodle Bugs Permit Cross-Site Scripting and Open Redirect Attacks and Let Remote Authenticated Users Modify Data
SecurityTracker Alert ID:  1032877
SecurityTracker URL:  http://securitytracker.com/id/1032877
CVE Reference:   CVE-2015-3272, CVE-2015-3273, CVE-2015-3274, CVE-2015-3275   (Links to External Site)
Date:  Jul 13 2015
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 2.7.9, 2.8.7, 2.9.1
Description:   Multiple vulnerabilities were reported in Moodle. A remote authenticated user can modify data on the target system. A remote user can redirect the target user's browser to an arbitrary site. A remote user can conduct cross-site scripting attacks.

A remote user can create a specially crafted HTTP referer header that, when loaded by the target user, will redirect the target user's browser to an arbitrary site [CVE-2015-3272]. The 'PARAM_LOCALURL' parameter is affected.

Totara reported this vulnerability.

The systems does not properly enforce the 'mod/forum:canposttomygroups' capability. A remote authenticated user can invoke the 'Post a copy to all groups' feature ('mod/forum/post.php') to post to restricted groups [CVE-2015-3273]. Version 2.9 is affected.

Juan Leyva reported this vulnerability.

Several web services do not properly filter HTML code from user-supplied input in custom profile fields before displaying the input [CVE-2015-3274]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Moodle software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Marina Glancy reported this vulnerability.

The SCORM module does not properly filter HTML code from user-supplied input in custom profile fields before displaying the input [CVE-2015-3275]. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Moodle software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Martin Greenaway reported this vulnerability.

Impact:   A remote authenticated user can post to restricted groups on the target system.

A remote user can cause the target user's browser to be redirected to an arbitrary web site.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Moodle software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   The vendor has issued a fix (2.7.9, 2.8.7, 2.9.1).

The vendor's advisories are available at:

http://moodle.org/security/

Vendor URL:  moodle.org/security/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [oss-security] moodle security announcements

The following security notifications have now been made public. Thanks
to OSS members for their cooperation.

Marina Glancy
Development Process Manager
marina@moodle.com
+61894674167 | moodle.com
The world's open source learning platform

==============================================================================
MSA-15-0026: Possible phishing when redirecting to external site using referer
header

Description:       Another case when redirecting to external site was possible
                   in error messages. See also MSA-15-0019 (CVE-2015-3175)
Issue summary:     PARAM_LOCALURL is vulnerable to open redirects
Severity/Risk:     Minor
Versions affected: 2.9, 2.8 to 2.8.6, 2.7 to 2.7.8 and earlier unsupported
                   versions
Versions fixed:    2.9.1, 2.8.7 and 2.7.9
Reported by:       Totara
Issue no.:         MDL-50688
CVE identifier:    CVE-2015-3272
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688

==============================================================================
MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not respected when
using 'Post a copy to all groups' in forum

Description:       Capability 'mod/forum:canposttomygroups' was not respected
                   when using 'Post a copy to all groups' in forum. Capability
                   to post to each individual group was always required.
Issue summary:     canposttomygroups capability is not checked in
                   mod/forum/post.php
Severity/Risk:     Minor
Versions affected: 2.9
Versions fixed:    2.9.1
Reported by:       Juan Leyva
Issue no.:         MDL-50220
CVE identifier:    CVE-2015-3273
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50220

==============================================================================
MSA-15-0028: Possible XSS through custom text profile fields in Web Services

Description:       Several web services returning user information did not
                   clean text in text custom profile fields
Issue summary:     Custom profile fields (textarea) are not passed through
                   external_format_text when returned by several web services
Severity/Risk:     Minor
Versions affected: 2.9, 2.8 to 2.8.6, 2.7 to 2.7.8 and earlier unsupported
                   versions
Versions fixed:    2.9.1, 2.8.7 and 2.7.9
Reported by:       Marina Glancy
Issue no.:         MDL-50130
CVE identifier:    CVE-2015-3274
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130

==============================================================================
MSA-15-0029: Javascript injection in SCORM module

Description:       Penetration test discovered possible Javascript injection
                   in SCORM module
Issue summary:     Inadequate JavaScript Handling in SCORM
Severity/Risk:     Minor
Versions affected: 2.9, 2.8 to 2.8.6, 2.7 to 2.7.8 and earlier unsupported
                   versions
Versions fixed:    2.9.1, 2.8.7 and 2.7.9
Reported by:       Martin Greenaway
Issue no.:         MDL-50614
CVE identifier:    CVE-2015-3275
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614

==============================================================================
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC