=====================================================================
                            CERT-Renater

                 Information Note No. 2025/VULN100
_____________________________________________________________________

DATE                : 18/02/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Moodle versions prior to 4.5.2, 4.4.6, 4.3.10, 4.1.16.

=====================================================================
https://moodle.org/mod/forum/discuss.php?d=466141
https://moodle.org/mod/forum/discuss.php?d=466142
https://moodle.org/mod/forum/discuss.php?d=466143
https://moodle.org/mod/forum/discuss.php?d=466144
https://moodle.org/mod/forum/discuss.php?d=466145
https://moodle.org/mod/forum/discuss.php?d=466146
https://moodle.org/mod/forum/discuss.php?d=466147
https://moodle.org/mod/forum/discuss.php?d=466148
https://moodle.org/mod/forum/discuss.php?d=466149
https://moodle.org/mod/forum/discuss.php?d=466150
_____________________________________________________________________

MSA-25-0001: Arbitrary file read risk through pdfTeX
by Michael Hawkins, Tuesday, 18 February 2025, 02:37
Number of replies: 0

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

Severity/Risk: Serious
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: vicevirus
CVE identifier: CVE-2025-26525
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136
Tracker issue: MDL-84136 Arbitrary file read risk through pdfTeX
_____________________________________________________________________

MSA-25-0002: Feedback response viewing and deletions did not respect Separate Groups mode
by Michael Hawkins, Tuesday, 18 February 2025, 02:38
Number of replies: 0

Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities.

Severity/Risk: Minor
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: Leon Stringer
CVE identifier: CVE-2025-26526
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79976
Tracker issue: MDL-79976 Feedback response viewing and deletions did not respect Separate Groups mode
_____________________________________________________________________

MSA-25-0003: Non-searchable tags can still be discovered on the tag search page and in the tags block
by Michael Hawkins, Tuesday, 18 February 2025, 02:38
Number of replies: 0

Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

Severity/Risk: Minor
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: Marina Glancy
CVE identifier: CVE-2025-26527
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941
Tracker issue: MDL-83941 Non-searchable tags can still be discovered on the tag search page and in the tags block
_____________________________________________________________________

MSA-25-0004: Stored XSS in ddimageortext question type
by Michael Hawkins, Tuesday, 18 February 2025, 02:38
Number of replies: 0

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

Severity/Risk: Minor
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: Vincent Schneider (cli-ish)
CVE identifier: CVE-2025-26528
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82896
Tracker issue: MDL-82896 Stored XSS in ddimageortext question type
_____________________________________________________________________

MSA-25-0005: Stored XSS risk in admin live log
by Michael Hawkins, Tuesday, 18 February 2025, 02:39
Number of replies: 0

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

Severity/Risk: Serious
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: nightbloodz
CVE identifier: CVE-2025-26529
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145
Tracker issue: MDL-84145 Stored XSS risk in admin live log
_____________________________________________________________________

MSA-25-0006: Reflected XSS via question bank filter
by Michael Hawkins, Tuesday, 18 February 2025, 02:39
Number of replies: 0

The question bank filter required additional sanitizing to prevent a reflected XSS risk.

Severity/Risk: Serious
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5 and 4.3 to 4.3.9
Versions fixed: 4.5.2, 4.4.6 and 4.3.10
Reported by: Hect0r
CVE identifier: CVE-2025-26530
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84146
Tracker issue: MDL-84146 Reflected XSS via question bank filter
_____________________________________________________________________

MSA-25-0007: Upgrade RequireJS including security fix (upstream)
by Michael Hawkins, Tuesday, 18 February 2025, 02:40
Number of replies: 0

The upstream RequireJS library was upgraded, which included a security fix.

Severity/Risk: Minor
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: Paola Maneggia
CVE identifier: CVE-2024-38999 (upstream)
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84023
Tracker issue: MDL-84023 Upgrade RequireJS including security fix (upstream)
_____________________________________________________________________

MSA-25-0008: IDOR in badges allows disabling of arbitrary badges
by Michael Hawkins, Tuesday, 18 February 2025, 02:40
Number of replies: 0

Insufficient capability checks made it possible to disable badges a user does not have permission to access.

Severity/Risk: Minor
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: Paul Holden
CVE identifier: CVE-2025-26531
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239
Tracker issue: MDL-84239 IDOR in badges allows disabling of arbitrary badges
_____________________________________________________________________

MSA-25-0009: Teachers can evade trusttext config when restoring glossary entries
by Michael Hawkins, Tuesday, 18 February 2025, 02:40
Number of replies: 0

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

Severity/Risk: Minor
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: Paul Holden
CVE identifier: CVE-2025-26532
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003
Tracker issue: MDL-84003 Teachers can evade trusttext config when restoring glossary entries
_____________________________________________________________________

MSA-25-0010: SQL injection risk in course search module list filter
by Michael Hawkins, Tuesday, 18 February 2025, 02:41
Number of replies: 0

An SQL injection risk was identified in the module list filter within course search.

Severity/Risk: Serious
Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions
Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16
Reported by: Lars Bonczek
CVE identifier: CVE-2025-26533
Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271
Tracker issue: MDL-84271 SQL injection risk in course search module list filter

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================