=====================================================================
                            CERT-Renater

                 Information Note No. 2022/VULN334
_____________________________________________________________________

DATE                 : 20/09/2022

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Moodle versions prior to
                       4.0.4, 3.11.10, 3.9.17.

=====================================================================
https://moodle.org/mod/forum/discuss.php?dC8392
https://moodle.org/mod/forum/discuss.php?dC8393
https://moodle.org/mod/forum/discuss.php?dC8394
https://moodle.org/mod/forum/discuss.php?dC8395
_____________________________________________________________________

MSA-22-0023: Stored XSS and page denial of service risks due to
recursive rendering in Mustache template helpers

by Michael Hawkins, Monday 19 September 2022, 23:24

Recursive rendering of Mustache template helpers containing user
input could, in some cases, result in an XSS risk or a page failing
to load.

Severity/Risk:     Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and
                   earlier unsupported versions
Versions fixed:    4.0.4, 3.11.10 and 3.9.17
Reported by:       Adam Roberts, NCC Group
CVE identifier:    CVE-2022-40313
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066
Tracker issue:     MDL-68066 Stored XSS and page denial of service
                   risks due to recursive rendering in Mustache
                   template helpers

_____________________________________________________________________

MSA-22-0024: Remote code execution risk when restoring malformed
backup file from Moodle 1.9

by Michael Hawkins, Monday 19 September 2022, 23:26

A remote code execution risk when restoring backup files originating
from Moodle 1.9 was identified.

Severity/Risk:     Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and
                   earlier unsupported versions
Versions fixed:    4.0.4, 3.11.10 and 3.9.17
Reported by:       Paul Holden
CVE identifier:    CVE-2022-40314
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75405
Tracker issue:     MDL-75405 Remote code execution risk when
                   restoring malformed backup file from Moodle 1.9

_____________________________________________________________________

MSA-22-0025: Minor SQL injection risk in admin user browsing

by Michael Hawkins, Monday 19 September 2022, 23:28

A limited SQL injection risk was identified in the "browse list of
users" site administration page.

Severity/Risk:     Minor
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and
                   earlier unsupported versions
Versions fixed:    4.0.4, 3.11.10 and 3.9.17
Reported by:       Vincent
CVE identifier:    CVE-2022-40315
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75283
Tracker issue:     MDL-75283 Minor SQL injection risk in admin user
                   browsing

_____________________________________________________________________

MSA-22-0026: No groups filtering in H5P activity attempts report

by Michael Hawkins, Monday 19 September 2022, 23:29

The H5P activity attempts report did not filter by groups, which in
separate groups mode could reveal information to non-editing teachers
about attempts/users in groups they should not have access to.

Severity/Risk:     Minor
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and
                   earlier unsupported versions
Versions fixed:    4.0.4, 3.11.10 and 3.9.17
Reported by:       Jari Vilkman and Bjørn Teistung
Workaround:        Access to this feature can be revoked by removing
                   the mod/h5pactivity:reviewattempts capability from
                   relevant users until the patch is applied.
CVE identifier:    CVE-2022-40316
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71662
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72012
Tracker issue:     MDL-71662 and MDL-72012 No groups filtering in H5P
                   activity attempts report

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================
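The "Versions affected" and "Versions fixed" fields above are identical for all four advisories, so one check covers them. The script below is an added example, not part of the advisory or of Moodle: it reads the `$release` line of a site's version.php and reports whether that release is at or past the fixed version for its branch. It assumes the usual `$release = 'X.Y.Z (Build: ...)'` form, and that branches newer than 4.0 are outside what the advisory lists; the sample strings are constructed.

```python
import re

# Fixed release per supported branch, taken from "Versions fixed" above.
FIXED = {(4, 0): 4, (3, 11): 10, (3, 9): 17}
NEWEST_LISTED = max(FIXED)  # (4, 0)

# Matches e.g. $release = '4.0.3 (Build: 20220912)'; the patch part is
# optional because the first release of a branch is written as 'X.Y'.
RELEASE_RE = re.compile(r"""\$release\s*=\s*['"](\d+)\.(\d+)(?:\.(\d+))?""")


def parse_release(version_php: str):
    """Return (major, minor, patch) from the text of version.php."""
    m = RELEASE_RE.search(version_php)
    if m is None:
        raise ValueError("no $release assignment found")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version_php: str) -> str:
    """Classify a release against the branches named in the advisory."""
    major, minor, patch = parse_release(version_php)
    branch = (major, minor)
    if branch in FIXED:
        if patch >= FIXED[branch]:
            return "fixed"
        return f"affected: upgrade to {major}.{minor}.{FIXED[branch]}"
    if branch > NEWEST_LISTED:
        # Assumption: a branch newer than 4.0 is not covered by this advisory.
        return "not listed: branch is newer than the advisory covers"
    # 3.10, 3.8 and older fall under "earlier unsupported versions":
    # no fixed release exists on these branches.
    return "affected: unsupported branch, move to a fixed branch"


if __name__ == "__main__":
    # Constructed sample lines in the style of Moodle's version.php.
    samples = [
        "$release  = '4.0.3 (Build: 20220912)';",
        "$release  = '3.11.10+ (Build: 20220923)';",
        "$release  = '3.10.11 (Build: 20220509)';",
        "$release  = '3.9 (Build: 20200615)';",
    ]
    for line in samples:
        print(parse_release(line), "->", assess(line))
```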