Moodle 2.0.x < 2.0.5 / 2.1.x < 2.1.2 Multiple Vulnerabilities

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.0.x prior to 2.0.5, or 2.1.x prior to 2.1.2 are exposed to the following vulnerabilities :

• Multiple cross-site request forgery (CSRF) vulnerabilities in ‘mod/wiki/’ components that allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. (MSA-11-0027 / CVE-2011-4298)

• A cross-site scripting (XSS) vulnerability in ‘mod/wiki/pagelib.php’ that allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment. (MSA-11-0028 / CVE-2011-4299)

• An information disclosure flaw exists in the ‘file_browser’ component because it does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. (MSA-11-0029 / CVE-2011-4300)

• A security-bypass flaw exists in the Box.net authentication plugin which was being used prior to OAuth-like authentication in Box.net. (MSA-11-0030)

• A flaw exists in the forms API that allows form values set as constants to be altered when the user submits the form. (MSA-11-0031 / CVE-2011-4301)

• A security flaw exists due to incorrect handling of openssl_verify() return codes and exposes the server to remote attacks bypassing validation. (MSA-11-0032 / CVE-2011-4302)

• A security flaw affects the script ‘lib/db/upgrade.php’ that does not set the correct ‘registration_hubs.secret’ value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. (MSA-11-0033 / CVE-2011-4303)

• The chat functionality allows remote authenticated users to discover the name of any user via a beep operation. Beeping a user would disclose their full name, this also includes deleted users. (MSA-11-0034 / CVE-2011-4304)

• The parameter ‘$CFG->usesid’ was added previously to allow simpler access, but this setting is now ignored to remove a security-bypass vulnerability that allowed for cookie-less user sessions. (MSA-11-0035)

• A cross-site scripting (XSS) vulnerability affects the Wiki. Specifically, this affects the ‘section’ parameter of the script ‘mod/wiki/lang/en/wiki.php’. (MSA-11-0039 / CVE-2011-4307)

• An information disclosure flaw exists in ‘mod/forum/user.php’ which exposes user names to any authenticated members, rather than only students or administrators in the same course. (MSA-11-0040 / CVE-2011-4308)

• A security-bypass flaw allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. (MSA-11-0041 / CVE-2011-4309)