Metric | Value |
---|---|
CVSS2 | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.003 Low |
EPSS Percentile | 65.6% |

Updated moodle package fixes security vulnerabilities:

- In Moodle before 2.4.9, question strings were not being filtered correctly, possibly allowing cross-site scripting, as quiz_question_tostring can cause invalid HTML (CVE-2014-2571).
- Feedback Availability dates were not honored in complete.php in Moodle before 2.4.9, so it was possible to start a Feedback activity while it was supposed to be closed (CVE-2014-0127).
- Broken access control vulnerability in Moodle before 2.4.9 with /mod/chat/chat_ajax.php, where capabilities to chat were being checked at the start of a chat, but not during, so changes were not effective immediately (CVE-2014-0122).
- In Moodle before 2.4.9, there were missing access checks on Wiki pages, allowing students to see pages of other students’ individual wikis through the Recent activity block (CVE-2014-0123).
- In Moodle before 2.4.9, cross-site scripting was possible with Flowplayer (CVE-2013-7341).
- In Moodle before 2.4.9, Forum and Quiz were showing users’ email addresses when settings were supposed to be preventing this (CVE-2014-0124).
- In Moodle before 2.4.9, alias links to items in an Alfresco repository were provided with information that would allow someone to impersonate the file owner in Alfresco (CVE-2014-0125).
- Cross-Site Request Forgery in Moodle before 2.4.9 in enrol/imsenterprise/importnow.php, due to inadequate session checking when triggering the import of IMS Enterprise identities (CVE-2014-0126).

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | moodle | < 2.4.9-1 | moodle-2.4.9-1.mga3 |
Mageia | 4 | noarch | moodle | < 2.4.9-1 | moodle-2.4.9-1.mga4 |
docs.moodle.org/dev/Moodle_2.4.9_release_notes
bugs.mageia.org/show_bug.cgi?id=13005
moodle.org/mod/forum/discuss.php?d=255903
moodle.org/mod/forum/discuss.php?d=256416
moodle.org/mod/forum/discuss.php?d=256417
moodle.org/mod/forum/discuss.php?d=256418
moodle.org/mod/forum/discuss.php?d=256419
moodle.org/mod/forum/discuss.php?d=256420
moodle.org/mod/forum/discuss.php?d=256421
moodle.org/mod/forum/discuss.php?d=256422
moodle.org/mod/forum/discuss.php?d=256423