Moodle 2.8.x < 2.8.6 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9425

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.8.x prior to 2.8.6 are exposed to the following vulnerabilities:

- A flaw exists in Quiz manual-grading that is due to the program failing to use the Cross-Site Scripting (XSS) mask flag 'mod/quiz:grade'. This may result in administrators being unaware that this is a trusted action that represents an XSS risk. (CVE-2015-3174)
- A flaw exists in the 'get_referer()' function that is triggered when using 'redirect()', which can cause some error messages to display a button that returns to the previous page. This may allow a context-dependent attacker to conduct phishing attacks. (CVE-2015-3175)
- A flaw exists on sites with self-registration enabled that may allow a remote attacker to gain access to a user's full name through account confirmation links. (CVE-2015-3176)
- A flaw exists that is due to the program allowing users to subscribe themselves to site wide events. This may allow an authenticated remote attacker to gain access to potentially sensitive information. (CVE-2015-3177)
- A flaw exists that allows an XSS attack. This flaw exists because the 'external_format_text()' function does not validate input when displaying it to other users in the external application. This may allow an authenticated remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between the browser and the server. (CVE-2015-3178)
- A flaw exists when self-registration is enabled that may allow a user who was suspended after creating their account, but before confirming it, to log in a single time after account confirmation. (CVE-2015-3179)
- A flaw exists that may allow an authenticated remote attacker with suspended enrollment to gain access to the course structure in the navigation block. This may allow the attacker to gain unauthorized access to information. (CVE-2015-3180)
- A flaw exists that may result in permissions not being properly removed when manageownfiles permissions are revoked from a user. This may allow an authenticated remote attacker to upload private files via Web Services. (CVE-2015-3181)

Solution

Upgrade to Moodle version 2.9 or later. If version 2.9.x cannot be obtained, version 2.8.6 is also patched for these issues.

See Also

https://docs.moodle.org/dev/Moodle_2.9_release_notes

https://docs.moodle.org/dev/Moodle_2.8.6_release_notes

Plugin Details

Severity: Critical

ID: 9425

Family: CGI

Published: 7/21/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 5/11/2015

Vulnerability Publication Date: 5/18/2015

Reference Information

CVE: CVE-2015-3174, CVE-2015-3175, CVE-2015-3176, CVE-2015-3177, CVE-2015-3178, CVE-2015-3179, CVE-2015-3180, CVE-2015-3181

BID: 74644, 74719, 74720, 74721, 74725, 74726, 74728, 74729