Moodle 2.1.x < 2.1.9 / 2.2.x < 2.2.6 / 2.3.x < 2.3.3 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9528

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.1.x prior to 2.1.9, 2.2.x prior to 2.2.6, and 2.3.x prior to 2.3.3 are affected by multiple vulnerabilities:

- A flaw exists that is due to the program not properly terminating sessions when a user disconnects from Moodle. This may allow an attacker with physical access to the computer to more easily access a user's Dropbox repository. (CVE-2012-5471)
- A flaw exists that is triggered during the handling of a specially crafted value of a frozen form field. This may allow a remote authenticated attacker to bypass access restrictions. (CVE-2012-5472)
- A flaw exists that is due to the Database Activity module not properly restricting access to activity entries. This may allow a remote authenticated attacker to gain access to arbitrary users' activity entries via an advanced search. (CVE-2012-5473)
- A flaw exists that allows a remote user to execute arbitrary code. This flaw exists because the Portfolio plugin does not properly verify or sanitize user-uploaded files. When a specially crafted API Callback file is uploaded, the remote system places the file in a user-accessible path. A direct request to the uploaded file then allows the user to execute the script with the privileges of the web server. (CVE-2012-5479)
- A flaw exists related to the Database activity module, which may allow a remote attacker to bypass intended access restrictions. With an advanced search the attacker may be able to read other participants' entries. (CVE-2012-5480)
- A flaw exists that may lead to an unauthorized information disclosure. The issue may allow a remote authenticated attacker to bypass the 'moodle/role:manage' capability requirement, which will allow the attacker to read all capability data via the check permissions page. (CVE-2012-5481)

Solution

Upgrade to Moodle version 2.3.3 or later. If version 2.3.x cannot be obtained, versions 2.2.6 and 2.1.9 are also patched for these vulnerabilities.

See Also

https://docs.moodle.org/dev/Moodle_2.1.9_release_notes

https://docs.moodle.org/dev/Moodle_2.2.6_release_notes

https://docs.moodle.org/dev/Moodle_2.3.3_release_notes

Plugin Details

Severity: Medium

ID: 9528

Family: CGI

Published: 8/25/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moodle:moodle

Patch Publication Date: 11/19/2012

Vulnerability Publication Date: 11/19/2012

Reference Information

CVE: CVE-2012-5471, CVE-2012-5472, CVE-2012-5473, CVE-2012-5479, CVE-2012-5480, CVE-2012-5481

BID: 56505