Moodle 2.0.x < 2.0.8 / 2.1.x < 2.1.5 / 2.2.x < 2.2.2 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9401

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.0.x prior to 2.0.8, 2.1.x prior to 2.1.26, or 2.2.x prior to 2.2.3 are exposed to the following vulnerabilities:

- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when handling permissions in the database activity module, which will disclose database entry information to a remote attacker. (CVE-2012-1155)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when input is passed to the 'repository/coursefiles/db/access.php', 'repository/filesystem/db/access.php', 'repository/local/db/access.php', and 'repository/webdav/db/access.php' scripts, which will disclose repository information to a remote attacker. (CVE-2012-1157)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when permissions are incorrectly handled by the 'grade/export/grade_export_form.php' script in the 'definition()' function, which will disclose hidden grades to a remote attacker. (CVE-2012-1158)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when access permissions are handled incorrectly by the 'fill_table()' function in the 'grade/report/overview/lib.php' script when viewing the overview report, which will disclose hidden courses to a remote attacker. (CVE-2012-1159)
- A flaw exists related to the 'mod/forum/index.php' script. This flaw may allow an attacker to subscribe to course forums that may otherwise be restricted. (CVE-2012-1160)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when input passed via the 'coursetag_get_tagged_courses()' function in the 'tag/coursetagslib.php' script is not properly verified before being used in a search, which will disclose a hidden course to a remote attacker. (CVE-2012-1161)
- A flaw exists related to the 'core_user_update_users' function. An error in the function resets a password when updating users, which will allow an attacker to log in to a user's account with a blank password. (CVE-2012-1168)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when information passed via the 'load_for_user()' function is not properly sanitized upon submission to the 'lib/navigationlib.php' script, which will disclose a user's last name to a remote attacker. (CVE-2012-1169)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when information passed via the 'get_enrolled_users()' function in the 'enrol/externallib.php' script is not properly verified before being returned to the user, which will disclose enrolled users to a remote attacker. (CVE-2012-1170)

Solution

Upgrade to Moodle version 2.2.2 or later. If version 2.2.x cannot be obtained, versions 2.1.5 and 2.0.8 are also patched for these vulnerabilities.

See Also

https://docs.moodle.org/dev/Moodle_2.2.2_release_notes

https://docs.moodle.org/dev/Moodle_2.1.5_release_notes

https://docs.moodle.org/dev/Moodle_2.0.8_release_notes

Plugin Details

Severity: Medium

ID: 9401

Family: CGI

Published: 7/21/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 3/12/2012

Vulnerability Publication Date: 3/19/2012

Reference Information

CVE: CVE-2012-1155, CVE-2012-1157, CVE-2012-1158, CVE-2012-1159, CVE-2012-1160, CVE-2012-1161, CVE-2012-1168, CVE-2012-1169, CVE-2012-1170

BID: 52631