Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 883691 (CVE-2022-45149, CVE-2022-45150, CVE-2022-45151, CVE-2022-45152, CVE-2023-23921, CVE-2023-23922, CVE-2023-23923) - <www-apps/moodle-{3.11.12,4.0.6}: multiple vulnerabilities
Summary: <www-apps/moodle-{3.11.12,4.0.6}: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2022-45149, CVE-2022-45150, CVE-2022-45151, CVE-2022-45152, CVE-2023-23921, CVE-2023-23922, CVE-2023-23923
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-11-30 00:41 UTC by John Helmert III
Modified: 2024-01-07 03:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-30 00:41:37 UTC
CVE-2022-45149 (https://bugzilla.redhat.com/show_bug.cgi?id=2142772):
https://moodle.org/mod/forum/discuss.php?d=440769
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVE-2022-45150 (https://bugzilla.redhat.com/show_bug.cgi?id=2142773):
https://moodle.org/mod/forum/discuss.php?d=440770
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76091

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVE-2022-45151 (https://bugzilla.redhat.com/show_bug.cgi?id=2142774):
https://moodle.org/mod/forum/discuss.php?d=440771
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76131

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

CVE-2022-45152 (https://bugzilla.redhat.com/show_bug.cgi?id=2142775):
https://moodle.org/mod/forum/discuss.php?d=440772
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71920

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.

Fixes in 3.9.18, 3.11.11, 4.0.5. Please bump.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-26 18:07:18 UTC
CVE-2023-23921 (https://bugzilla.redhat.com/show_bug.cgi?id=2162526):
https://moodle.org/mod/forum/discuss.php?d=443272#p1782021
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.

CVE-2023-23922 (https://bugzilla.redhat.com/show_bug.cgi?id=2162547):
https://moodle.org/mod/forum/discuss.php?d=443273#p1782022
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76861

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.

CVE-2023-23923 (https://bugzilla.redhat.com/show_bug.cgi?id=2162549):
https://moodle.org/mod/forum/discuss.php?d=443274#p1782023
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

None of the commits seem to be a part of any release.