Petr Skoda

**Nome do software vulnerável e versões afetadas** MFA (versões afetadas não especificadas) **Descrição** O problema diz respeito à opção de logout no MFA, que não incluía o token necessário para evitar o risco de os usuários serem desconectados inadvertidamente por meio de CSRF. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Moodle (versões afetadas não especificadas) **Descrição** O problema decorre do uso direto e inseguro da variável `HTTP REFERER` no arquivo `admin/tool/mfa/index.php`. Especificamente, a URL de referência usada pela Autenticação Multifatorial (MFA) exigia sanitização adicional em vez de ser usada diretamente. Isso poderia potencialmente levar a problemas de segurança, embora a natureza exata e o impacto não estejam detalhados nas informações fornecidas. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.11 to 3.11.14 Moodle versions 4.0 to 4.0.8 Moodle versions 4.1 to 4.1.3 Moodle version 4.2 **Description** The issue is related to insufficient sanitizing of user-provided data on the groups page, which poses an XSS risk. This could allow a remote attacker to steal potentially confidential information, modify the appearance of web pages, or conduct phishing and disk loading attacks. **Recommendations** For Moodle versions 3.11 to 3.11.14, update to a version that includes the necessary sanitizing fixes. For Moodle versions 4.0 to 4.0.8, update to a version that includes the necessary sanitizing fixes. For Moodle versions 4.1 to 4.1.3, update to a version that includes the necessary sanitizing fixes. For Moodle version 4.2, update to a version that includes the necessary sanitizing fixes. As a temporary workaround, consider restricting access to the groups page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Database auto-linking filter (affected versions not specified) **Description** The issue arises from the database auto-linking filter's output requiring additional sanitizing to prevent a cross-site scripting (XSS) risk. This implies that without proper sanitization, an attacker could potentially inject malicious scripts into the content output by the filter, leading to XSS attacks. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** The issue arises when the algebra filter is enabled but not functional, typically due to missing necessary binaries from the server. This presents a cross-site scripting (XSS) risk. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.5.10 Moodle versions 2.6.x through 2.6.6 Moodle versions 2.7.x through 2.7.3 Moodle versions 2.8.x through 2.8.1 **Description** The issue is related to a cross-site request forgery (CSRF) vulnerability in the auth/shibboleth/logout.php component of the Moodle learning management system. This vulnerability can be exploited by a remote attacker to disrupt the authentication procedure for arbitrary users by using specially crafted requests. **Recommendations** For Moodle versions prior to 2.5.10, update to version 2.5.10 or later. For Moodle versions 2.6.x through 2.6.6, update to version 2.6.7 or later. For Moodle versions 2.7.x through 2.7.3, update to version 2.7.4 or later. For Moodle versions 2.8.x through 2.8.1, update to version 2.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.9 and earlier Moodle versions 2.6.x before 2.6.7 Moodle versions 2.7.x before 2.7.4 Moodle versions 2.8.x before 2.8.2 **Description** The issue is related to the mod/lti/ajax.php component in Moodle, which does not properly consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before handling registered-tool list searches. This allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service. The vulnerability is associated with a lack of protection for internal data, which can be exploited by an attacker to gain access to protected information using specially crafted requests to the Ajax service. **Recommendations** For Moodle versions 2.5.9 and earlier, update to a version later than 2.5.9. For Moodle versions 2.6.x before 2.6.7, update to version 2.6.7 or later. For Moodle versions 2.7.x before 2.7.4, update to version 2.7.4 or later. For Moodle versions 2.8.x before 2.8.2, update to version 2.8.2 or later. As a temporary workaround, consider restricting access to the mod/lti/ajax.php component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.9 and earlier Moodle versions 2.6.x before 2.6.7 Moodle versions 2.7.x before 2.7.4 Moodle versions 2.8.x before 2.8.2 **Description** The issue is related to the lack of protection for service data in the calendar/externallib.php component of the Moodle learning management system. This allows a remote authenticated user to obtain sensitive calendar event information via a specially crafted web services request. **Recommendations** For Moodle versions 2.5.9 and earlier, update to version 2.6.7 or later. For Moodle versions 2.6.x before 2.6.7, update to version 2.6.7 or later. For Moodle versions 2.7.x before 2.7.4, update to version 2.7.4 or later. For Moodle versions 2.8.x before 2.8.2, update to version 2.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.4.11 and earlier, 2.5.x before 2.5.9, 2.6.x before 2.6.6, 2.7.x before 2.7.3 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts, due to the lack of charset information in HTTP headers. **Recommendations** For versions 2.4.11 and earlier, update to version 2.4.12 or later. For versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For versions 2.7.x before 2.7.3, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.4.0 through 2.4.11 Moodle versions 2.5.x before 2.5.9 Moodle versions 2.6.x before 2.6.6 Moodle versions 2.7.x before 2.7.3 **Description** The issue is related to the LTI module, which does not properly restrict parameters used in a return URL. This allows remote attackers to trigger the generation of arbitrary messages via a modified URL, specifically related to mod/lti/locallib.php and mod/lti/return.php. **Recommendations** For Moodle versions 2.4.0 through 2.4.11, update to version 2.4.12 or later. For Moodle versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For Moodle versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For Moodle versions 2.7.x before 2.7.3, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.4.12 Moodle versions 2.5.x before 2.5.9 Moodle versions 2.6.x before 2.6.6 Moodle versions 2.7.x before 2.7.3 **Description** A cross-site scripting (XSS) issue exists in the Feedback module of Moodle, allowing remote authenticated users to inject arbitrary web script or HTML. This is achieved by leveraging the mod/feedback:mapcourse capability to provide a `searchcourse` parameter in the `mod/feedback/mapcourse.php` file. **Recommendations** For Moodle versions prior to 2.4.12, update to version 2.4.12 or later. For Moodle versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For Moodle versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For Moodle versions 2.7.x before 2.7.3, update to version 2.7.3 or later. As a temporary workaround, consider restricting access to the `mod/feedback/mapcourse.php` file until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.4.11 and earlier Moodle versions 2.5.x before 2.5.9 Moodle versions 2.6.x before 2.6.6 Moodle versions 2.7.x before 2.7.3 **Description** The issue allows remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within certain files, including mod/forum/deprecatedlib.php, mod/forum/forum.js, mod/forum/index.php, or mod/forum/lib.php. This is due to multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module. **Recommendations** For Moodle versions 2.4.11 and earlier, update to a version later than 2.4.11. For Moodle versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For Moodle versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For Moodle versions 2.7.x before 2.7.3, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.4.11 and earlier, 2.5.x before 2.5.9, 2.6.x before 2.6.6, 2.7.x before 2.7.3 **Description** The issue allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki, specifically affecting the mod/wiki/admin.php file. **Recommendations** For versions 2.4.11 and earlier, update to a version later than 2.4.11. For versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For versions 2.7.x before 2.7.3, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.4.11 Moodle versions 2.5.x before 2.5.9 Moodle versions 2.6.x before 2.6.6 Moodle versions 2.7.x before 2.7.3 **Description** The issue allows remote attackers to hijack the authentication of arbitrary users. This can be achieved through a cross-site request forgery (CSRF) attack, specifically targeting the LTI module. The attack can involve requests to "mod/lti/request tool.php" or "mod/lti/instructor edit tool type.php". **Recommendations** For Moodle versions prior to 2.4.11, update to version 2.4.11 or later. For Moodle versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For Moodle versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For Moodle versions 2.7.x before 2.7.3, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.x through 2.6.5 Moodle versions 2.7.x through 2.7.2 **Description** The issue allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks. This is possible because the webservice/upload.php file does not ensure that a file upload is for a private or draft area. The attacks can be conducted by specifying the profile-picture area. **Recommendations** For Moodle versions 2.6.x through 2.6.5, update to version 2.6.6 or later. For Moodle versions 2.7.x through 2.7.2, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.x through 2.6.5 Moodle versions 2.7.x through 2.7.2 **Description** The issue allows remote authenticated users to access a forum without proper group permission verification. This is due to a problem in the `mod/forum/externallib.php` file, specifically with the `forum get discussions` web service. **Recommendations** For Moodle versions 2.6.x through 2.6.5, update to version 2.6.6 or later. For Moodle versions 2.7.x through 2.7.2, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.4.11 and earlier, 2.5.x before 2.5.9, 2.6.x before 2.6.6, 2.7.x before 2.7.3 **Description** The issue concerns the LTI module in Moodle, where the `mod/lti/launch.php` file performs access control at the course level rather than at the activity level. This allows remote authenticated users to bypass the `mod/lti:view` capability requirement by viewing an activity instance. **Recommendations** For versions 2.4.11 and earlier, update to a version later than 2.4.11. For versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For versions 2.7.x before 2.7.3, update to version 2.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 1.6 through 1.6.6 Moodle versions 1.7 through 1.7.4 Moodle versions 1.8 through 1.8.5 Moodle versions 1.9 through 1.9.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. This is due to a SQL injection vulnerability in the `hotpot delete selected attempts` function in `report.php` in the HotPot module. **Recommendations** For Moodle versions 1.6 through 1.6.6, update to version 1.6.7 or later. For Moodle versions 1.7 through 1.7.4, update to version 1.7.5 or later. For Moodle versions 1.8 through 1.8.5, update to version 1.8.6 or later. For Moodle versions 1.9 through 1.9.1, update to version 1.9.2 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle version 1.7.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a style expression in the `search` parameter of index.php. **Recommendations** For Moodle version 1.7.1, consider restricting access to the search parameter in index.php to minimize the risk of exploitation. As a temporary workaround, avoid using the `search` parameter in the affected index.php until the issue is resolved.