
=====================================================================

                                CERT-Renater

                    Note d'Information No. 2022/VULN431

_____________________________________________________________________

DATE                : 22/11/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Moodle versions prior to 4.0.5,
                     3.11.11 and 3.9.18.

=====================================================================
https://moodle.org/mod/forum/discuss.php?d=440767
https://moodle.org/mod/forum/discuss.php?d=440769
https://moodle.org/mod/forum/discuss.php?d=440770
https://moodle.org/mod/forum/discuss.php?d=440771
https://moodle.org/mod/forum/discuss.php?d=440772
_____________________________________________________________________

MSA-22-0028: Apply upstream security fix to VideoJS library to remove
XSS risk
by Michael Hawkins, Monday 21 November 2022, 20:55

An upstream security patch was applied to the third party VideoJS
library included with Moodle, on versions affected by an XSS risk.



Severity/Risk:          Serious
Versions affected:      3.11 to 3.11.10, 3.9 to 3.9.17 and earlier
                          unsupported versions
Versions fixed:         3.11.11 and 3.9.18
Reported by:            Vincent
CVE identifier:         CVE-2021-23414 (upstream)
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75278
Tracker issue:          MDL-75278 Apply upstream security fix to VideoJS
                          library to remove XSS risk

_____________________________________________________________________

MSA-22-0029: Course restore - CSRF token passed in course redirect URL
by Michael Hawkins, Monday 21 November 2022, 20:57

A user's CSRF token was unnecessarily included in the URL when being
redirected to a course they have just restored.


Severity/Risk:          Minor
Versions affected:      4.0 to 4.0.4, 3.11 to 3.11.10, 3.9 to 3.9.17
                          and earlier unsupported versions
Versions fixed:         4.0.5, 3.11.11 and 3.9.18
Reported by:            Michael Hawkins
CVE identifier:         CVE-2022-45149
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862
Tracker issue:          MDL-75862 Course restore - CSRF token passed in course
                          redirect URL

_____________________________________________________________________

MSA-22-0030: Reflected XSS risk in policy tool
by Michael Hawkins, Monday 21 November 2022, 20:58

The return URL in the policy tool required extra sanitizing to prevent
a reflected XSS risk.



Severity/Risk:          Serious
Versions affected:      4.0 to 4.0.4, 3.11 to 3.11.10, 3.9 to 3.9.17
                          and earlier unsupported versions
Versions fixed:         4.0.5, 3.11.11 and 3.9.18
Reported by:            Eric Merrill
CVE identifier:         CVE-2022-45150
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76091
Tracker issue:          MDL-76091 Reflected XSS risk in policy tool
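
An added example, not code from Moodle or the policy tool: validating a
"return to" parameter as a same-site path and then escaping it for the
HTML attribute context, written in Python. The function names and the
accepted-URL rule are assumptions made for this illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed policy for a "return to" parameter: the value must be a path
# on this site (single leading "/", no scheme, no host, no control or
# whitespace characters); anything else is replaced by a safe default.
_FORBIDDEN = set("\x00\r\n\t ")


def local_url_or_default(candidate, default="/"):
    """Return `candidate` only if it is a same-site relative path, else `default`."""
    if not candidate or any(ch in _FORBIDDEN for ch in candidate):
        return default
    # "//host/..." and "/\host/..." are treated as scheme-relative URLs by
    # browsers, so the leading "/" must be followed by an ordinary path char.
    if not candidate.startswith("/") or candidate[1:2] in ("/", "\\"):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default
    return candidate


def render_return_link(candidate):
    """Validate first, then escape: even an accepted local path still needs
    attribute-context escaping of characters such as double quotes."""
    url = local_url_or_default(candidate)
    return '<a href="%s">Continue</a>' % html.escape(url, quote=True)
```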
_____________________________________________________________________


MSA-22-0031: Stored XSS possible in some "social" user profile fields
by Michael Hawkins, Monday 21 November 2022, 20:59

The "social" user profile field type performed insufficient escaping
on some fields, resulting in a stored XSS risk.


Severity/Risk:          Serious
Versions affected:      4.0 to 4.0.4 and 3.11 to 3.11.10
Versions fixed:         4.0.5 and 3.11.11
Reported by:            Bernardo Cabral
Workaround:             Update "social" user profile fields so their
                          visibility is set to "not visible", until
                          the patch is applied.
CVE identifier:         CVE-2022-45151
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76131
Tracker issue:          MDL-76131 Stored XSS possible in some "social" user
                          profile fields
_____________________________________________________________________

MSA-22-0032: Blind SSRF risk in LTI provider library
by Michael Hawkins, Monday 21 November 2022, 21:00

Moodle's LTI provider library did not utilise Moodle's inbuilt
cURL helper, which resulted in a blind SSRF risk.


Severity/Risk:          Serious
Versions affected:      4.0 to 4.0.4, 3.11 to 3.11.10, 3.9 to 3.9.17
                          and earlier unsupported versions
Versions fixed:         4.0.5, 3.11.11 and 3.9.18
Reported by:            Rekter0 and Holme
CVE identifier:         CVE-2022-45152
Changes (master): 
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71920
Tracker issue:          MDL-71920 Blind SSRF risk in LTI provider library
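
As an added illustration, not Moodle's code nor the LTI provider
library's: the kind of gate a hardened HTTP helper places in front of a
caller-supplied URL before fetching it, written in Python with a
constructed offline resolver. The allowed schemes and ports, the address
classes rejected and the host table are assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed policy for fetching a caller-supplied URL: http(s) only,
# standard ports only, and every address the host resolves to must be public.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

def _is_public(ip):
    try:
        a = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (a.is_private or a.is_loopback or a.is_link_local
                or a.is_multicast or a.is_reserved or a.is_unspecified)

def _dns(host):
    return [ai[4][0] for ai in socket.getaddrinfo(host, None)]

def ssrf_check(url, resolver=_dns):
    """Return (allowed, reason); `resolver(host)` yields the host's IP strings."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False, "scheme not allowed or host missing"
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, "port not allowed: %d" % port
    try:
        ips = resolver(parts.hostname)
    except OSError as exc:
        return False, "resolution failed: %s" % exc
    # Reject if ANY answer is internal: a name with one public and one
    # private record must not pass on the strength of the public one.
    for ip in ips:
        if not _is_public(ip):
            return False, "%s resolves to non-public address %s" % (parts.hostname, ip)
    return True, "ok"

# Offline DNS stand-in with constructed records; literal IPs map to themselves.
CONSTRUCTED_DNS = {"lms.example.test": ["1.2.3.4"],
                   "mixed.example.test": ["1.2.3.5", "10.0.0.5"]}

def constructed_resolver(host):
    if host in CONSTRUCTED_DNS:
        return CONSTRUCTED_DNS[host]
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        raise OSError("no such host: " + host)
```

Checking every resolved address rather than the first one is what closes
the mixed-record case; the default resolver performs a live DNS lookup, so
pass `constructed_resolver` to exercise the check offline.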



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


