Lucene search

Gentoo FoundationMGASA-2013-0356

HistoryDec 01, 2013 - 1:24 a.m.

Updated moodle package fixes security vulnerabilities

2013-12-0101:24:35

Gentoo Foundation

advisories.mageia.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

EPSS

0.005

Percentile

75.9%

JSON

Some files were being delivered with incorrect headers in Moodle before 2.4.7, meaning they could be cached downstream (CVE-2013-4522). Cross-site scripting in Moodle before 2.4.7 due to JavaScript in messages being executed on some pages (CVE-2013-4523). The file system repository in Moodle before 2.4.7 was allowing access to files beyond the Moodle file area (CVE-2013-4524). Cross-site scripting in Moodle before 2.4. due to JavaScript in question answers being executed on the Quiz Results page (CVE-2013-4525).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchmoodle< 2.4.7-1moodle-2.4.7-1.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	moodle	< 2.4.7-1	moodle-2.4.7-1.mga3

References

docs.moodle.org/dev/Moodle_2.4.7_release_notes

bugs.mageia.org/show_bug.cgi?id=11671

moodle.org/mod/forum/discuss.php?d=243213

moodle.org/mod/forum/discuss.php?d=244479

moodle.org/mod/forum/discuss.php?d=244480

moodle.org/mod/forum/discuss.php?d=244481

moodle.org/mod/forum/discuss.php?d=244482

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

EPSS

0.005

Percentile

75.9%

JSON

Related for MGASA-2013-0356