-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4071
Multiple Moodle vulnerabilities
17 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           Moodle
Publisher:         Moodle
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Increased Privileges   -- Existing Account
                   Cross-site Scripting   -- Remote with User Interaction
                   Unauthorised Access    -- Existing Account
                   Reduced Security       -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25703 CVE-2020-25702 CVE-2020-25701
                   CVE-2020-25700 CVE-2020-25699 CVE-2020-25698
Original Bulletin:
  https://moodle.org/mod/forum/discuss.php?d=413935&parent=1668770
  https://moodle.org/mod/forum/discuss.php?d=413936&parent=1668771
  https://moodle.org/mod/forum/discuss.php?d=413938&parent=1668773
  https://moodle.org/mod/forum/discuss.php?d=413939&parent=1668774
  https://moodle.org/mod/forum/discuss.php?d=413940&parent=1668775
  https://moodle.org/mod/forum/discuss.php?d=413941&parent=1668777
Comment: This bulletin contains six (6) Moodle security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
MSA-20-0016: Teacher is able to unenrol users without permission using course
restore
Users' enrolment capabilities were not being sufficiently checked when they
restored into an existing course, which could lead to them unenrolling users
without having permission to do so.
Severity/Risk: Minor
Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and
earlier unsupported versions
Versions fixed: 3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15
Reported by: Roman Sevostyanov
CVE identifier: CVE-2020-25698
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67837
Tracker issue: MDL-67837 Teacher is able to unenrol users without permission
using course restore
- --------------------------------------------------------------------------------
MSA-20-0017: Privilege escalation within a course when restoring role overrides
Insufficient capability checks could allow a user who is able to restore into a
course to add further capabilities to roles within that course, escalating
their privileges there.
Severity/Risk: Minor
Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and
earlier unsupported versions
Versions fixed: 3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15
Reported by: Matt Petro
CVE identifier: CVE-2020-25699
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56310
Tracker issue: MDL-56310 Privilege escalation within a course when restoring
role overrides
- --------------------------------------------------------------------------------
MSA-20-0018: Some database module web services did not respect group settings
Some database module web services allowed students to add entries within groups
they did not belong to.
Severity/Risk: Minor
Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and
earlier unsupported versions
Versions fixed: 3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15
Reported by: Dani Palou
CVE identifier: CVE-2020-25700
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67015
Tracker issue: MDL-67015 Some database module web services did not respect
group settings
- --------------------------------------------------------------------------------
MSA-20-0019: tool_uploadcourse creates new enrol instances unexpectedly in some
circumstances
If the upload course tool was used to delete an enrolment method which did not
exist or was not already enabled, the tool would erroneously enable that
enrolment method. This could lead to unintended users gaining access to the
course.
Severity/Risk: Minor
Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and
earlier unsupported versions
Versions fixed: 3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15
Workaround: Until the patch is applied, ensure any enrolment method deletions
are only performed on courses where that enrolment method already exists and is
enabled.
CVE identifier: CVE-2020-25701
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69378
Tracker issue: MDL-69378 tool_uploadcourse creates new enrol instances
unexpectedly in some circumstances
- --------------------------------------------------------------------------------
MSA-20-0020: Stored XSS possible when renaming content bank items
It was possible to include JavaScript when renaming content bank items.
Severity/Risk: Minor
Versions affected: 3.9 to 3.9.2
Versions fixed: 3.10, 3.9.3
Reported by: DegrangeM
CVE identifier: CVE-2020-25702
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69046
Tracker issue: MDL-69046 Stored XSS possible when renaming content bank items
- --------------------------------------------------------------------------------
MSA-20-0021: The participants table download feature did not respect the site's
"show user identity" configuration
The participants table download always included user emails, but should have
only done so when users' emails are not hidden.
Severity/Risk: Minor
Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8
Versions fixed: 3.10, 3.9.3, 3.8.6 and 3.7.9
Reported by: A. Schenkel
CVE identifier: CVE-2020-25703
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69844
Tracker issue: MDL-69844 The participants table download feature did not
respect the site's "show user identity" configuration
- --------------------------END INCLUDED TEXT--------------------
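The part of this bulletin an administrator has to act on is the affected/fixed
version list in each advisory. The script below is an added example for this
bulletin; it is not AusCERT's or Moodle's code. It parses those lists in the
bulletin's own wording (including the "and earlier unsupported versions"
clause), reads the release string from a Moodle version.php (assumed to carry
a `$release = '3.9.2 (Build: ...)';` line; the sample embedded here is
constructed, not a real file) and reports the install's status against each of
the six advisories.

```python
"""Triage a Moodle install against the version ranges in ESB-2020.4071.

Added example for this bulletin, not AusCERT's or Moodle's own code.
Assumption: Moodle's version.php carries a line of the form
    $release  = '3.9.2 (Build: 20200914)';
(matched by RELEASE_RE); adjust the pattern if your copy differs.
"""
import re
import sys

# Affected / fixed text copied verbatim from each MSA in the bulletin.
COMMON_AFFECTED = ("3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 "
                   "and earlier unsupported versions")
COMMON_FIXED = "3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15"
ADVISORIES = {
    "MSA-20-0016": ("CVE-2020-25698", COMMON_AFFECTED, COMMON_FIXED),
    "MSA-20-0017": ("CVE-2020-25699", COMMON_AFFECTED, COMMON_FIXED),
    "MSA-20-0018": ("CVE-2020-25700", COMMON_AFFECTED, COMMON_FIXED),
    "MSA-20-0019": ("CVE-2020-25701", COMMON_AFFECTED, COMMON_FIXED),
    "MSA-20-0020": ("CVE-2020-25702", "3.9 to 3.9.2", "3.10, 3.9.3"),
    "MSA-20-0021": ("CVE-2020-25703",
                    "3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8",
                    "3.10, 3.9.3, 3.8.6 and 3.7.9"),
}

VERSION = r"\d+(?:\.\d+)*"
RANGE_RE = re.compile(rf"({VERSION}) to ({VERSION})")
VERSION_RE = re.compile(VERSION)
RELEASE_RE = re.compile(rf"\$release\s*=\s*'({VERSION})")

# Constructed sample of the relevant version.php line (not a real file).
SAMPLE_VERSION_PHP = """<?php
$release  = '3.9.2 (Build: 20200914)'; // Human-friendly version name
"""


def parse_version(s):
    """'3.9' -> (3, 9, 0); '3.9.2' -> (3, 9, 2). Tuples compare in order."""
    parts = tuple(int(p) for p in s.split("."))
    return (parts + (0, 0, 0))[:3]


def release_from_version_php(text):
    """Pull the human-readable release string out of version.php content."""
    m = RELEASE_RE.search(text)
    if not m:
        raise ValueError("no $release line found in version.php")
    return m.group(1)


def status(release, msa):
    """Classify one release against one advisory's affected/fixed text."""
    _, affected_text, fixed_text = ADVISORIES[msa]
    v = parse_version(release)
    ranges = [(parse_version(lo), parse_version(hi))
              for lo, hi in RANGE_RE.findall(affected_text)]
    fixed = [parse_version(f) for f in VERSION_RE.findall(fixed_text)]
    # Fixed: at or above the fix release on the same x.y branch, or on a
    # release line newer than any listed fix (3.10 and later).
    if any(v[:2] == f[:2] and v >= f for f in fixed) or v > max(fixed):
        return "fixed"
    if any(lo <= v <= hi for lo, hi in ranges):
        return "affected"
    # Branches the advisory does not name (3.6.x, 3.4.x, ...) are out of
    # support; "and earlier unsupported versions" means treat them as hit.
    if "earlier unsupported" in affected_text and v < max(hi for _, hi in ranges):
        return "unsupported-assume-affected"
    return "not-listed"


def triage(release):
    """Map every advisory in the bulletin to its status for this release."""
    return {msa: status(release, msa) for msa in ADVISORIES}


if __name__ == "__main__":
    # Usage: python triage.py /path/to/moodle/version.php
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_VERSION_PHP
    rel = release_from_version_php(text)
    for msa, st in triage(rel).items():
        print(f"{rel:8} {msa} ({ADVISORIES[msa][0]}): {st}")
```

A "not-listed" result only means the bulletin names neither an affected nor a
fixed release on that branch (for example 3.8.x against MSA-20-0020, whose
content bank feature is only in 3.9); it is not a statement that the branch is
safe, so treat unsupported branches as needing an upgrade regardless.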
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX7Mdm+NLKJtyKPYoAQjdKxAAmv69aWugKtd9HeYdS8pgOGnQ5+PBk/Z0
fDgcysiNAtxRs27cT6muJLRrAwF7zFAuDFdXFTGapOTfq9LxOnqnN26fberyq/3k
g3PwNAHjXYJ6ze9xWGjIxZf0fUHkmz3fTOEMm/fHXwHZRJJMfTC9iqnYQT8X7M/H
zCK+1NwcIUcqimCz/qsKNvHfT9giGfeSKV+EcVDJ0aI4fN/ox02xFmz5rXIteGZF
aAbbDnBC+aW799VMMwtZA8z0d5vOKCmyKeskt6iGpKCVyN1W4vSVuHrQVE2wMhtW
hSBalljK5NnRC6ySd33HKDIeZGBctnRhDqGjQyXRBvXU/i0Tw3qP5Rh3FgVdU4P1
PRgfuvh3wtlTKdKbwm+U+EUKjBUMFwcitxNjb584LNNiVD30gvAB+/JxCNXLz5Bj
FymUZQqqAxdcWXxH5RC/G5hc36j+Sf3QLKfMV0nmWfPNH0+oSvbnto5KpORKt6MK
+cU+VQiMxYcPhRKG4Dfhg7GJrytL4NrLb5gsPm8BfkT6jkThzjJuJP2njNPeCY4+
YU3m/hS8NW8Fd42mAliIrTQ5rYqMfkEd8GsrCWRLqfa+WgPLF46E0B4DcnFu1KAX
tMIcNDSDKxv5pCupSOW3eidaviAcQe7F08H+rBjG8KneuAIXMb4e69A/f978JlEi
4Tl+lwoKBEs=
=rM+x
-----END PGP SIGNATURE-----