0Xkasper

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** The issue is related to a misconfigured shared hosting environment, allowing access to other users' content. A Moodle user with direct access to the web server outside of the Moodle webroot could utilize a local file include to achieve remote code execution. The vulnerability is also associated with incorrect code generation management, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.11 to 3.11.3 Moodle versions 3.10 to 3.10.7 Moodle versions 3.9 to 3.9.10 Moodle versions prior to 3.9 **Description** A flaw was found in Moodle due to insufficient capability checks, making it possible to fetch other users' calendar action events. This issue is related to inadequate access control mechanisms, which could allow a remote attacker to elevate privileges. **Recommendations** For Moodle versions 3.11 to 3.11.3, update to a version later than 3.11.3 to resolve the issue. For Moodle versions 3.10 to 3.10.7, update to a version later than 3.10.7 to resolve the issue. For Moodle versions 3.9 to 3.9.10, update to a version later than 3.9.10 to resolve the issue. For Moodle versions prior to 3.9, update to a supported version to resolve the issue. As a temporary workaround, consider restricting access to calendar action events until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Matrix versions 1.41.0 and prior **Description** Unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The issue is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Administrators of servers that use a reverse proxy could block the endpoints: `/ matrix/client/r0/rooms/{room id}/members` with `at` query parameter, and `/ matrix/client/unstable/rooms/{room id}/members` with `at` query parameter. **Recommendations** Server administrators should upgrade to 1.41.1 or later in order to receive the patch. As a temporary workaround, administrators of servers that use a reverse proxy could block the endpoints: `/ matrix/client/r0/rooms/{room id}/members` with `at` query parameter, and `/ matrix/client/unstable/rooms/{room id}/members` with `at` query parameter, although this may result in unacceptable loss of functionality.

**Name of the Vulnerable Software and Affected Versions** Matrix versions 1.41.0 and prior **Description** Unauthorised users can access the name, avatar, topic, and number of members of a room if they know the ID of the room. This issue is limited to homeservers where the vulnerable homeserver is in the room and untrusted users are permitted to create groups, which requires the configuration setting `enable group creation` to be set to `true`. By default, only homeserver administrators can create groups, and they already have access to this information through the database or admin API. **Recommendations** To patch the vulnerability, server administrators should upgrade to version 1.41.1 or higher. As a temporary workaround, server administrators can set `enable group creation` to `false` in their homeserver configuration to prevent creation of groups by non-administrators. Administrators using a reverse proxy can block the endpoints `/ matrix/client/r0/groups/{group id}/rooms` and `/ matrix/client/unstable/groups/{group id}/rooms` to minimize the risk, albeit with partial loss of group functionality.

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** The issue is related to uncontrolled recursion in the system, which can be exploited by a remote attacker to cause a denial of service by creating a specially crafted URL. The file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** The issue is related to insufficient capability checks in Moodle, which can allow a remote attacker to bypass security features. Specifically, the problem lies in the fact that message deletions were not limited to the current user, potentially allowing unauthorized access to sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** The issue is related to a lack of protection against SQL injection attacks. This could allow a remote attacker to execute arbitrary code by sending specially crafted SQL queries. The problem is specifically identified in the library that fetches a user's recent courses. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.