ALT-PU-2022-5925-1
Package moodle updated to version 3.11.8-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2022-03176
Уязвимость виртуальной обучающей среды Moodle, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки
BDU:2022-03179
Уязвимость реализации конфигурации moodle/badges:configurecriteria виртуальной обучающей среды Moodle, позволяющая нарушителю выполнить произвольный SQL-код
BDU:2022-03182
Уязвимость реализации класса core_auth виртуальной обучающей среды Moodle, позволяющая нарушителю обойти ограничения безопасности
BDU:2022-03183
Уязвимость реализации класса core_user виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2022-03231
Уязвимость реализации класса core_search виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2022-04906
Уязвимость виртуальной обучающей среды moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код и раскрыть защищаемую информацию
BDU:2022-04907
Уязвимость реализации функции автоматического входа в систему с мобильных устройств виртуальной обучающей среды Moodle, позволяющая нарушителю провести фишинговую атаку и раскрыть защищаемую информацию
BDU:2022-04908
Уязвимость модуля LTI виртуальной обучающей среды Moodle, позволяющая нарушителю проводить фишинговые атаки или раскрыть защищаемую информацию
BDU:2022-06403
Уязвимость виртуальной обучающей среды Moodle, связанная с неправильной проверкой входных данных, позволяющая нарушителю выполнить произвольный код
BDU:2022-06405
Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной проверкой входных данных, позволяющая нарушителю раскрыть защищаемую информацию
Modified: 2024-11-21
CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204
- https://bugzilla.redhat.com/show_bug.cgi?id=2083583
- https://bugzilla.redhat.com/show_bug.cgi?id=2083583
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-89bfefbe48
- FEDORA-2022-89bfefbe48
- FEDORA-2022-530fdc5202
- FEDORA-2022-530fdc5202
- https://moodle.org/mod/forum/discuss.php?d=434578
- https://moodle.org/mod/forum/discuss.php?d=434578
Modified: 2024-11-21
CVE-2022-30597
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74318
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74318
- https://bugzilla.redhat.com/show_bug.cgi?id=2083585
- https://bugzilla.redhat.com/show_bug.cgi?id=2083585
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-89bfefbe48
- FEDORA-2022-89bfefbe48
- FEDORA-2022-530fdc5202
- FEDORA-2022-530fdc5202
- https://moodle.org/mod/forum/discuss.php?d=434579
- https://moodle.org/mod/forum/discuss.php?d=434579
Modified: 2024-11-21
CVE-2022-30598
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623
- https://bugzilla.redhat.com/show_bug.cgi?id=2083592
- https://bugzilla.redhat.com/show_bug.cgi?id=2083592
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-89bfefbe48
- FEDORA-2022-89bfefbe48
- FEDORA-2022-530fdc5202
- FEDORA-2022-530fdc5202
- https://moodle.org/mod/forum/discuss.php?d=434580
- https://moodle.org/mod/forum/discuss.php?d=434580
Modified: 2024-11-21
CVE-2022-30599
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74333
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74333
- https://bugzilla.redhat.com/show_bug.cgi?id=2083610
- https://bugzilla.redhat.com/show_bug.cgi?id=2083610
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-89bfefbe48
- FEDORA-2022-89bfefbe48
- FEDORA-2022-530fdc5202
- FEDORA-2022-530fdc5202
- https://moodle.org/mod/forum/discuss.php?d=434581
- https://moodle.org/mod/forum/discuss.php?d=434581
Modified: 2024-11-21
CVE-2022-30600
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736
- https://bugzilla.redhat.com/show_bug.cgi?id=2083613
- https://bugzilla.redhat.com/show_bug.cgi?id=2083613
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-bd4457bcc4
- FEDORA-2022-89bfefbe48
- FEDORA-2022-89bfefbe48
- FEDORA-2022-530fdc5202
- FEDORA-2022-530fdc5202
- https://moodle.org/mod/forum/discuss.php?d=434582
- https://moodle.org/mod/forum/discuss.php?d=434582
Modified: 2024-11-21
CVE-2022-35649
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
- https://bugzilla.redhat.com/show_bug.cgi?id=2106273
- https://bugzilla.redhat.com/show_bug.cgi?id=2106273
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-7e7ce7df2e
- FEDORA-2022-7e7ce7df2e
- https://moodle.org/mod/forum/discuss.php?d=436456
- https://moodle.org/mod/forum/discuss.php?d=436456
Modified: 2024-11-21
CVE-2022-35650
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72029
- https://bugzilla.redhat.com/show_bug.cgi?id=2106274
- https://bugzilla.redhat.com/show_bug.cgi?id=2106274
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-7e7ce7df2e
- FEDORA-2022-7e7ce7df2e
- https://moodle.org/mod/forum/discuss.php?d=436457
- https://moodle.org/mod/forum/discuss.php?d=436457
Modified: 2024-11-21
CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921
- https://bugzilla.redhat.com/show_bug.cgi?id=2106275
- https://bugzilla.redhat.com/show_bug.cgi?id=2106275
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-7e7ce7df2e
- FEDORA-2022-7e7ce7df2e
- https://moodle.org/mod/forum/discuss.php?d=436458
- https://moodle.org/mod/forum/discuss.php?d=436458
Modified: 2024-11-21
CVE-2022-35652
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72171
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72171
- https://bugzilla.redhat.com/show_bug.cgi?id=2106276
- https://bugzilla.redhat.com/show_bug.cgi?id=2106276
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-7e7ce7df2e
- FEDORA-2022-7e7ce7df2e
- https://moodle.org/mod/forum/discuss.php?d=436459
- https://moodle.org/mod/forum/discuss.php?d=436459
Modified: 2024-11-21
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299
- https://bugzilla.redhat.com/show_bug.cgi?id=2106277
- https://bugzilla.redhat.com/show_bug.cgi?id=2106277
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-81ce74b2dd
- FEDORA-2022-7e7ce7df2e
- FEDORA-2022-7e7ce7df2e
- https://moodle.org/mod/forum/discuss.php?d=436460
- https://moodle.org/mod/forum/discuss.php?d=436460