Moodle 1.9.x < 1.9.17 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9429

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 1.9.x prior to 1.9.17 are exposed to the following vulnerabilities :

- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when handling permissions in the database activity module, which will disclose database entry information to a remote attacker. (CVE-2012-1155)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when input is passed to the 'repository/coursefiles/db/access.php', 'repository/filesystem/db/access.php', 'repository/local/db/access.php', and 'repository/webdav/db/access.php' scripts, which will disclose Repository information to a remote attacker. (CVE-2012-1157)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when permissions are incorrectly handled by the 'grade/export/grade_export_form.php' script in the 'definition()' function, which will disclose hidden grades to a remote attacker. (CVE-2012-1158)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when access permissions are handled incorrectly by the 'fill_table()' function in the 'grade/report/overview/lib.php' script when viewing the overview report, which will disclose hidden courses to a remote attacker. (CVE-2012-1159)
- A flaw exists related to the 'mod/forum/index.php' script. This flaw may allow an attacker to subscribe to course forums that may otherwise be restricted. (CVE-2012-1160)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when input passed via the 'coursetag_get_tagged_courses()' function in the 'tag/coursetagslib.php' script is not properly verified before being used in a search, which will disclose a hidden course to a remote attacker. (CVE-2012-1161)
- A flaw exists related to the 'core_user_update_users' function. An error in the function resets a password when updating users, which will allow an attacker to log in to a user's account with a blank password. (CVE-2012-1168)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when information passed via the 'load_for_user()' function is not properly sanitized upon submission to the 'lib/navigationlib.php' script, which will disclose a user's last name to a remote attacker. (CVE-2012-1169)
- A flaw exists that may lead to an unauthorized information disclosure. The issue is triggered when info passed via the 'get_enrolled_users()' function in the 'enrol/externallib.php' script is not properly verified before being returned to the user, which will disclose enrolled users to a remote attacker. (CVE-2012-1170)

Solution

Upgrade to Moodle version 1.9.7 or later.

See Also

https://docs.moodle.org/dev/Moodle_1.9.7_release_notes

Plugin Details

Severity: Medium

ID: 9429

Family: CGI

Published: 7/21/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 3/12/2012

Vulnerability Publication Date: 3/19/2012

Reference Information

CVE: CVE-2012-1155, CVE-2012-1157, CVE-2012-1158, CVE-2012-1159, CVE-2012-1160, CVE-2012-1161, CVE-2012-1168, CVE-2012-1169, CVE-2012-1170

BID: 52631