Refine your search
104 vulnerabilities found for moodle by Moodle
CERTFR-2026-AVI-0177
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.5.9",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 5.1.x ant\u00e9rieures \u00e0 5.1.2",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 5.0.x ant\u00e9rieures \u00e0 5.0.5",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-26046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26046"
},
{
"name": "CVE-2026-26047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26047"
},
{
"name": "CVE-2026-26045",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26045"
},
{
"name": "CVE-2024-51736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51736"
}
],
"initial_release_date": "2026-02-17T00:00:00",
"last_revision_date": "2026-02-17T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0177",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 473314",
"url": "https://moodle.org/mod/forum/discuss.php?d=473314"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 473316",
"url": "https://moodle.org/mod/forum/discuss.php?d=473316"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 473315",
"url": "https://moodle.org/mod/forum/discuss.php?d=473315"
},
{
"published_at": "2026-02-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 473317",
"url": "https://moodle.org/mod/forum/discuss.php?d=473317"
}
]
}
CERTFR-2025-AVI-1113
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.22 | ||
| Moodle | Moodle | Moodle versions 5.0.x antérieures à 5.0.4 | ||
| Moodle | Moodle | Moodle versions 4.5.x antérieures à 4.5.8 | ||
| Moodle | Moodle | Moodle versions 5.1.x antérieures à 5.1.1 | ||
| Moodle | Moodle | Moodle versions 4.4.x antérieures à 4.4.12 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.22",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 5.0.x ant\u00e9rieures \u00e0 5.0.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 5.1.x ant\u00e9rieures \u00e0 5.1.1",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-67848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67848"
},
{
"name": "CVE-2025-67852",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67852"
},
{
"name": "CVE-2025-67850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67850"
},
{
"name": "CVE-2025-67849",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67849"
},
{
"name": "CVE-2025-67851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67851"
},
{
"name": "CVE-2025-67853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67853"
},
{
"name": "CVE-2025-67856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67856"
},
{
"name": "CVE-2025-67855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67855"
},
{
"name": "CVE-2025-67854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67854"
},
{
"name": "CVE-2025-67857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67857"
}
],
"initial_release_date": "2025-12-16T00:00:00",
"last_revision_date": "2025-12-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1113",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0057",
"url": "https://moodle.org/mod/forum/discuss.php?d=471303"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0058",
"url": "https://moodle.org/mod/forum/discuss.php?d=471304"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0053",
"url": "https://moodle.org/mod/forum/discuss.php?d=471299"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0052",
"url": "https://moodle.org/mod/forum/discuss.php?d=471298"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0060",
"url": "https://moodle.org/mod/forum/discuss.php?d=471306"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0059",
"url": "https://moodle.org/mod/forum/discuss.php?d=471305"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0055",
"url": "https://moodle.org/mod/forum/discuss.php?d=471301"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0054",
"url": "https://moodle.org/mod/forum/discuss.php?d=471300"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0056",
"url": "https://moodle.org/mod/forum/discuss.php?d=471302"
},
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0061",
"url": "https://moodle.org/mod/forum/discuss.php?d=471307"
}
]
}
CERTFR-2025-AVI-0957
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de requêtes illégitimes par rebond (CSRF) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.21",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.4.11 ",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.5.7",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-62394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62394"
},
{
"name": "CVE-2025-62401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62401"
},
{
"name": "CVE-2025-62398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62398"
},
{
"name": "CVE-2025-62437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62437"
},
{
"name": "CVE-2025-62397",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62397"
},
{
"name": "CVE-2025-62436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62436"
},
{
"name": "CVE-2025-54869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54869"
},
{
"name": "CVE-2025-62396",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62396"
},
{
"name": "CVE-2025-62438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62438"
},
{
"name": "CVE-2025-62393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62393"
},
{
"name": "CVE-2025-62399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62399"
},
{
"name": "CVE-2025-62395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62395"
},
{
"name": "CVE-2025-62400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62400"
},
{
"name": "CVE-2025-62435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62435"
}
],
"initial_release_date": "2025-11-03T00:00:00",
"last_revision_date": "2025-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0957",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-03T00:00:00.000000"
},
{
"description": "Ajout du risque CSRF et modification des liens \u00e9diteurs.",
"revision_date": "2025-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle ",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0041",
"url": "https://moodle.org/mod/forum/discuss.php?d=470381"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0045",
"url": "https://moodle.org/mod/forum/discuss.php?d=470385"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0044",
"url": "https://moodle.org/mod/forum/discuss.php?d=470384"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0050",
"url": "https://moodle.org/mod/forum/discuss.php?d=470390"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0048",
"url": "https://moodle.org/mod/forum/discuss.php?d=470388"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0038",
"url": "https://moodle.org/mod/forum/discuss.php?d=469491"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0040",
"url": "https://moodle.org/mod/forum/discuss.php?d=469493"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0049",
"url": "https://moodle.org/mod/forum/discuss.php?d=470389"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0046",
"url": "https://moodle.org/mod/forum/discuss.php?d=470386"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0042",
"url": "https://moodle.org/mod/forum/discuss.php?d=470382"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0039",
"url": "https://moodle.org/mod/forum/discuss.php?d=469492"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0037",
"url": "https://moodle.org/mod/forum/discuss.php?d=469490"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0047",
"url": "https://moodle.org/mod/forum/discuss.php?d=470387"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0043",
"url": "https://moodle.org/mod/forum/discuss.php?d=470383"
}
]
}
CERTFR-2025-AVI-0519
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection SQL (SQLi) et une falsification de requêtes côté serveur (SSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.9 ",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.5",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.19",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-49513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49513"
},
{
"name": "CVE-2025-49515",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49515"
},
{
"name": "CVE-2025-49514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49514"
},
{
"name": "CVE-2025-49512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49512"
},
{
"name": "CVE-2025-49517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49517"
},
{
"name": "CVE-2025-49516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49516"
},
{
"name": "CVE-2025-49518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49518"
},
{
"name": "CVE-2025-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46337"
}
],
"initial_release_date": "2025-06-18T00:00:00",
"last_revision_date": "2025-06-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0519",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection SQL (SQLi) et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0032",
"url": "https://moodle.org/mod/forum/discuss.php?d=468503"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0030",
"url": "https://moodle.org/mod/forum/discuss.php?d=468501"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0031",
"url": "https://moodle.org/mod/forum/discuss.php?d=468502"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0033",
"url": "https://moodle.org/mod/forum/discuss.php?d=468504"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0034",
"url": "https://moodle.org/mod/forum/discuss.php?d=468505"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0035",
"url": "https://moodle.org/mod/forum/discuss.php?d=468506"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0029",
"url": "https://moodle.org/mod/forum/discuss.php?d=468500"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0036",
"url": "https://moodle.org/mod/forum/discuss.php?d=468507"
}
]
}
CERTFR-2025-AVI-0340
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3643"
},
{
"name": "CVE-2025-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3634"
},
{
"name": "CVE-2025-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3641"
},
{
"name": "CVE-2025-3637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3637"
},
{
"name": "CVE-2025-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3628"
},
{
"name": "CVE-2025-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3647"
},
{
"name": "CVE-2025-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3625"
},
{
"name": "CVE-2025-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3636"
},
{
"name": "CVE-2025-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3642"
},
{
"name": "CVE-2025-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3638"
},
{
"name": "CVE-2025-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3645"
},
{
"name": "CVE-2024-40446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40446"
},
{
"name": "CVE-2025-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3640"
},
{
"name": "CVE-2025-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3627"
},
{
"name": "CVE-2025-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3644"
},
{
"name": "CVE-2025-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3635"
}
],
"initial_release_date": "2025-04-22T00:00:00",
"last_revision_date": "2025-04-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0014",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0017",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0027",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0023",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0022",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0013",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0026",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0015",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0020",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0024",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0025",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0016",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0019",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0021",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0028",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0018",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
}
]
}
CERTFR-2025-AVI-0242
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.7",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.11 ",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.17",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-03-26T00:00:00",
"last_revision_date": "2025-03-26T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0242",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0011",
"url": "https://moodle.org/mod/forum/discuss.php?d=467084"
},
{
"published_at": "2025-03-26",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0012",
"url": "https://moodle.org/mod/forum/discuss.php?d=467086"
}
]
}
CERTFR-2025-AVI-0138
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.10",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.16",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.2",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.6",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-26528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26528"
},
{
"name": "CVE-2025-26529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26529"
},
{
"name": "CVE-2024-38999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
},
{
"name": "CVE-2025-26527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26527"
},
{
"name": "CVE-2025-26533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26533"
},
{
"name": "CVE-2025-26532",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26532"
},
{
"name": "CVE-2025-26530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26530"
},
{
"name": "CVE-2025-26526",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26526"
},
{
"name": "CVE-2025-26525",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26525"
},
{
"name": "CVE-2025-26531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26531"
}
],
"initial_release_date": "2025-02-18T00:00:00",
"last_revision_date": "2025-02-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0138",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0006",
"url": "https://moodle.org/mod/forum/discuss.php?d=466146"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0003",
"url": "https://moodle.org/mod/forum/discuss.php?d=466143"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0002",
"url": "https://moodle.org/mod/forum/discuss.php?d=466142"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0004",
"url": "https://moodle.org/mod/forum/discuss.php?d=466144"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0007",
"url": "https://moodle.org/mod/forum/discuss.php?d=466147"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0008",
"url": "https://moodle.org/mod/forum/discuss.php?d=466148"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0009",
"url": "https://moodle.org/mod/forum/discuss.php?d=466149"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0005",
"url": "https://moodle.org/mod/forum/discuss.php?d=466145"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0010",
"url": "https://moodle.org/mod/forum/discuss.php?d=466150"
},
{
"published_at": "2025-02-18",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0001",
"url": "https://moodle.org/mod/forum/discuss.php?d=466141"
}
]
}
CERTFR-2024-AVI-1085
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.15",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.1",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.9 ",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-55648",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55648"
},
{
"name": "CVE-2024-55644",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55644"
},
{
"name": "CVE-2024-55646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55646"
},
{
"name": "CVE-2024-55645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55645"
},
{
"name": "CVE-2024-55643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55643"
},
{
"name": "CVE-2024-55647",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55647"
}
],
"initial_release_date": "2024-12-17T00:00:00",
"last_revision_date": "2024-12-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1085",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0056",
"url": "https://moodle.org/mod/forum/discuss.php?d=464559"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0052",
"url": "https://moodle.org/mod/forum/discuss.php?d=464555"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0055",
"url": "https://moodle.org/mod/forum/discuss.php?d=464558"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0054",
"url": "https://moodle.org/mod/forum/discuss.php?d=464557"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0053",
"url": "https://moodle.org/mod/forum/discuss.php?d=464556"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 464554",
"url": "https://moodle.org/mod/forum/discuss.php?d=464554"
}
]
}
CERTFR-2024-AVI-0876
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.11 ",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.14",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-48900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48900"
},
{
"name": "CVE-2024-48901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48901"
},
{
"name": "CVE-2024-48898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48898"
},
{
"name": "CVE-2024-48897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48897"
},
{
"name": "CVE-2024-48896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48896"
},
{
"name": "CVE-2024-48899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48899"
}
],
"initial_release_date": "2024-10-14T00:00:00",
"last_revision_date": "2024-10-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0876",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2024-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0045",
"url": "https://moodle.org/mod/forum/discuss.php?d=462874"
},
{
"published_at": "2024-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0048",
"url": "https://moodle.org/mod/forum/discuss.php?d=462878"
},
{
"published_at": "2024-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0047",
"url": "https://moodle.org/mod/forum/discuss.php?d=462877"
},
{
"published_at": "2024-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0046",
"url": "https://moodle.org/mod/forum/discuss.php?d=462876"
},
{
"published_at": "2024-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0050",
"url": "https://moodle.org/mod/forum/discuss.php?d=462880"
},
{
"published_at": "2024-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0049",
"url": "https://moodle.org/mod/forum/discuss.php?d=462879"
}
]
}
CERTFR-2024-AVI-0756
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.7",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.13",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.10 ",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45690"
},
{
"name": "CVE-2024-45689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45689"
},
{
"name": "CVE-2024-45691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45691"
}
],
"initial_release_date": "2024-09-10T00:00:00",
"last_revision_date": "2024-09-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0756",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0044",
"url": "https://moodle.org/mod/forum/discuss.php?d=461897"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0043",
"url": "https://moodle.org/mod/forum/discuss.php?d=461895"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0042",
"url": "https://moodle.org/mod/forum/discuss.php?d=461894"
}
]
}
CERTFR-2024-AVI-0149
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer un déni de service à distance, une injection de requêtes illégitimes par rebond (CSRF) et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.9",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-25981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25981"
},
{
"name": "CVE-2024-25982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25982"
},
{
"name": "CVE-2024-25979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25979"
},
{
"name": "CVE-2024-25980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25980"
},
{
"name": "CVE-2024-25978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25978"
},
{
"name": "CVE-2024-25983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25983"
}
],
"initial_release_date": "2024-02-20T00:00:00",
"last_revision_date": "2024-02-20T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0149",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une injection de requ\u00eates\nill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0004 du 19 f\u00e9vrier 2024",
"url": "https://moodle.org/mod/forum/discuss.php?d=455637"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0002 du 19 f\u00e9vrier 2024",
"url": "https://moodle.org/mod/forum/discuss.php?d=455635"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0006 du 19 f\u00e9vrier 2024",
"url": "https://moodle.org/mod/forum/discuss.php?d=455641"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0001 du 19 f\u00e9vrier 2024",
"url": "https://moodle.org/mod/forum/discuss.php?d=455634"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0005 du 19 f\u00e9vrier 2024",
"url": "https://moodle.org/mod/forum/discuss.php?d=455638"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0003 du 19 f\u00e9vrier 2024",
"url": "https://moodle.org/mod/forum/discuss.php?d=455636"
}
]
}
CERTFR-2023-AVI-1050
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions antérieures à 3.9.25 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.18 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.12 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.7 | ||
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.4 | ||
| Moodle | Moodle | Moodle versions 4.3.x antérieures à 4.3.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.25",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.7",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.1",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6662"
},
{
"name": "CVE-2023-6667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6667"
},
{
"name": "CVE-2023-6661",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6661"
},
{
"name": "CVE-2023-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6663"
},
{
"name": "CVE-2023-6665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6665"
},
{
"name": "CVE-2023-6670",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6670"
},
{
"name": "CVE-2023-6666",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6666"
},
{
"name": "CVE-2023-6664",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6664"
},
{
"name": "CVE-2023-6669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6669"
},
{
"name": "CVE-2023-6668",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6668"
}
],
"initial_release_date": "2023-12-21T00:00:00",
"last_revision_date": "2023-12-21T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1050",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0053 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453767"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0047 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453761"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0051 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453765"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0049 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453763"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0046 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453760"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0052 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453766"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0048 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453762"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0050 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453764"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0045 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453759"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0044 du 21 d\u00e9cembre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=453758"
}
]
}
CERTFR-2023-AVI-0859
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.3 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.11 | ||
| Moodle | Moodle | Moodle versions antérieures à 3.9.24 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.17 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.6 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.11",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.24",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.17",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.6",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5549",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5549"
},
{
"name": "CVE-2023-5550",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5550"
},
{
"name": "CVE-2023-5548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5548"
},
{
"name": "CVE-2023-5551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5551"
}
],
"initial_release_date": "2023-10-18T00:00:00",
"last_revision_date": "2023-10-18T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0859",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0040 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0041 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451590"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0043 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451592"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0042 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451591"
}
]
}
CERTFR-2023-AVI-0854
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.3 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.11 | ||
| Moodle | Moodle | Moodle versions antérieures à 3.9.24 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.17 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.11",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.24",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.17",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.6",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-5543",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5543"
},
{
"name": "CVE-2023-5541",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5541"
},
{
"name": "CVE-2023-5544",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5544"
},
{
"name": "CVE-2023-5539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5539"
},
{
"name": "CVE-2023-5540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5540"
},
{
"name": "CVE-2023-5542",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5542"
},
{
"name": "CVE-2023-5547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5547"
},
{
"name": "CVE-2023-5545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5545"
},
{
"name": "CVE-2023-5546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5546"
}
],
"initial_release_date": "2023-10-17T00:00:00",
"last_revision_date": "2023-10-18T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0854",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-17T00:00:00.000000"
},
{
"description": "La version 3.9.23 est vuln\u00e9rable, la version 3.9.24 ne l\u0027est pas.",
"revision_date": "2023-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0034 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451583"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0033 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451582"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0035 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451584"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0037 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451586"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0036 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451585"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0032 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451581"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0038 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451587"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0039 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451588"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0031 du 17 octobre 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=451580"
}
]
}
CERTFR-2023-AVI-0671
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions antérieures à 3.9.23 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.16 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.10 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.5 | ||
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.23",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.16",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.10",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.5",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.2",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40324",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40324"
},
{
"name": "CVE-2023-40323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40323"
},
{
"name": "CVE-2023-40319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40319"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-40318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40318"
},
{
"name": "CVE-2023-40320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40320"
},
{
"name": "CVE-2023-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40322"
},
{
"name": "CVE-2023-40316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40316"
},
{
"name": "CVE-2023-40321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40321"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2022-39369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39369"
},
{
"name": "CVE-2023-40325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40325"
},
{
"name": "CVE-2023-40317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40317"
}
],
"initial_release_date": "2023-08-21T00:00:00",
"last_revision_date": "2023-08-21T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0671",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0020 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449641"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0026 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449647"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0025 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449646"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0024 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449645"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0030 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449651"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0028 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449649"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0029 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449650"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0023 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449644"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0021 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449642"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0022 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449643"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0027 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449648"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0019 du 21 ao\u00fbt 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=449640"
}
]
}
CERTFR-2023-AVI-0476
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS), une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moodle | Moodle | Moodle versions 3.9.x antérieures à 3.9.22 | ||
| Moodle | Moodle | Moodle versions 3.11.x antérieures à 3.11.15 | ||
| Moodle | Moodle | Moodle versions 4.1.x antérieures à 4.1.4 | ||
| Moodle | Moodle | Moodle versions 4.0.x antérieures à 4.0.9 | ||
| Moodle | Moodle | Moodle versions 4.2.x antérieures à 4.2.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.22",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.15",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.9",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35132"
},
{
"name": "CVE-2023-35131",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35131"
},
{
"name": "CVE-2023-35133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35133"
}
],
"initial_release_date": "2023-06-19T00:00:00",
"last_revision_date": "2023-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0476",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS), une\nex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0017 du 19 juin 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=447830"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0018 du 19 juin 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=447831"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0016 du 19 juin 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=447829"
}
]
}
CERTFR-2023-AVI-0352
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.14",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.21",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-30943",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30943"
},
{
"name": "CVE-2023-30944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30944"
}
],
"initial_release_date": "2023-05-03T00:00:00",
"last_revision_date": "2023-05-03T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0352",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0014 du 01 mai 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=446285"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0015 du 01 mai 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=446286"
}
]
}
CERTFR-2023-AVI-0246
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Moodle. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS), une injection de requêtes illégitimes par rebond (CSRF), un contournement de la politique de sécurité et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.2",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.7",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.20",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.13",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28331"
},
{
"name": "CVE-2023-28333",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28333"
},
{
"name": "CVE-2022-23494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23494"
},
{
"name": "CVE-2023-28330",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28330"
},
{
"name": "CVE-2023-28334",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28334"
},
{
"name": "CVE-2023-1402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1402"
},
{
"name": "CVE-2023-28329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28329"
},
{
"name": "CVE-2023-28332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28332"
},
{
"name": "CVE-2023-28335",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28335"
},
{
"name": "CVE-2023-28336",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28336"
}
],
"initial_release_date": "2023-03-21T00:00:00",
"last_revision_date": "2023-03-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Moodle\u00a0MSA-23-0005 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445062"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Moodle\u00a0MSA-23-0007 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445064"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Moodle\u00a0MSA-23-0006 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445063"
}
],
"reference": "CERTFR-2023-AVI-0246",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS), une\ninjection de requ\u00eates ill\u00e9gitimes par rebond (CSRF), un contournement de\nla politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0004 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445061"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0009 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0011 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0005 du 20 mars 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0012 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445069"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0006 du 20 mars 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0008 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0013 du 21 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445070"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0007 du 20 mars 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0010 du 20 mars 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=445067"
}
]
}
CERTFR-2023-AVI-0054
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.1",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.19",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.6",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2023-01-24T00:00:00",
"last_revision_date": "2023-01-24T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0054",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0003 du 24 janvier 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=443274"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0002 du 24 janvier 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=443273"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0001 du 24 janvier 2023",
"url": "https://moodle.org/mod/forum/discuss.php?d=443272"
}
]
}
CERTFR-2022-AVI-1046
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.11",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 3.9.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-45150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45150"
},
{
"name": "CVE-2022-45152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45152"
},
{
"name": "CVE-2021-23414",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23414"
},
{
"name": "CVE-2022-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45149"
},
{
"name": "CVE-2022-45151",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45151"
}
],
"initial_release_date": "2022-11-22T00:00:00",
"last_revision_date": "2022-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1046",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0030 du 21 novembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=440770"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0028 du 21 novembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=440767"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0031 du 21 novembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=440771"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0029 du 21 novembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=440769"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0032 du 21 novembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=440772"
}
]
}
CERTFR-2022-AVI-861
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Moodle. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.16",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.9",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-40208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40208"
}
],
"initial_release_date": "2022-09-28T00:00:00",
"last_revision_date": "2022-09-28T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-861",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Moodle. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0027 du 27 septembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=438761"
}
]
}
CERTFR-2022-AVI-837
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Moodle. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.17",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.10",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-40316",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40316"
},
{
"name": "CVE-2022-40313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40313"
},
{
"name": "CVE-2022-40315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40315"
},
{
"name": "CVE-2022-40314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40314"
}
],
"initial_release_date": "2022-09-20T00:00:00",
"last_revision_date": "2022-09-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-837",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 438392 du 19 septembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=438392"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 438394 du 19 septembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=438394"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 438393 du 19 septembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=438393"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moodle 438395 du 19 septembre 2022",
"url": "https://moodle.org/mod/forum/discuss.php?d=438395"
}
]
}
CVE-2021-47857 (GCVE-0-2021-47857)
Vulnerability from cvelistv5
Published
2026-01-21 17:27
Modified
2026-03-05 01:28
Severity ?
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the event.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47857",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T22:09:26.881063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:09:37.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Moodle",
"vendor": "Moodle",
"versions": [
{
"status": "affected",
"version": "3.10.3"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:3.10.3:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vincent666 ibn Winnie"
}
],
"datePublic": "2021-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the event."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:28:54.718Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49714",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49714"
},
{
"name": "Official Moodle Project Homepage",
"tags": [
"product"
],
"url": "https://moodle.org/"
},
{
"name": "VulnCheck Advisory: Moodle 3.10.3 - \u0027label\u0027 Persistent Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/moodle-label-persistent-cross-site-scripting"
}
],
"title": "Moodle 3.10.3 - \u0027label\u0027 Persistent Cross Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47857",
"datePublished": "2026-01-21T17:27:39.382Z",
"dateReserved": "2026-01-14T17:11:19.904Z",
"dateUpdated": "2026-03-05T01:28:54.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53021 (GCVE-0-2025-53021)
Vulnerability from cvelistv5
Published
2025-06-24 00:00
Modified
2025-06-24 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-384 - Session Fixation
Summary
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the attacker's. Successful exploitation results in full account takeover. According to the Moodle Releases page, "Bug fixes for security issues in 3.11.x ended 11 December 2023." NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T19:46:30.849426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T19:46:49.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Moodle",
"vendor": "Moodle",
"versions": [
{
"lessThanOrEqual": "3.11.18",
"status": "affected",
"version": "3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.11.18",
"versionStartIncluding": "3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim\u0027s session being linked to the attacker\u0027s. Successful exploitation results in full account takeover. According to the Moodle Releases page, \"Bug fixes for security issues in 3.11.x ended 11 December 2023.\" NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T19:22:54.821Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://rentry.co/moodle-oauth2-cve"
},
{
"url": "https://github.com/moodle/moodle/releases/tag/v3.11.18"
},
{
"url": "https://moodledev.io/general/releases#moodle-311"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-53021",
"datePublished": "2025-06-24T00:00:00.000Z",
"dateReserved": "2025-06-24T00:00:00.000Z",
"dateUpdated": "2025-06-24T19:46:49.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38277 (GCVE-0-2024-38277)
Vulnerability from cvelistv5
Published
2024-06-18 19:49
Modified
2025-02-13 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T15:55:16.520252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T16:50:08.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=459502"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Moodle",
"vendor": "Moodle",
"versions": [
{
"status": "affected",
"version": "4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.3.4",
"status": "affected",
"version": "4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003e\u003cpre\u003e\u003cpre\u003eA unique key should be generated for a user\u0027s QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.\u003c/pre\u003e\u003c/pre\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "A unique key should be generated for a user\u0027s QR login key and their auto-login key, so the same key cannot be used interchangeably between the two."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-324",
"description": "CWE-324",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T03:05:58.874Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=459502"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"
}
],
"title": "moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-38277",
"datePublished": "2024-06-18T19:49:52.092Z",
"dateReserved": "2024-06-12T14:08:44.048Z",
"dateUpdated": "2025-02-13T17:53:03.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38276 (GCVE-0-2024-38276)
Vulnerability from cvelistv5
Published
2024-06-18 19:49
Modified
2025-03-26 13:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Incorrect CSRF token checks resulted in multiple CSRF risks.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T17:33:38.293574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T13:51:51.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=459501"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Moodle",
"vendor": "Moodle",
"versions": [
{
"status": "affected",
"version": "4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.3.4",
"status": "affected",
"version": "4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003e\u003cbr\u003e\u003cpre\u003eIncorrect CSRF token checks resulted in multiple CSRF risks.\u003c/pre\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "Incorrect CSRF token checks resulted in multiple CSRF risks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T03:06:02.117Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=459501"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"
}
],
"title": "moodle: CSRF risks due to misuse of confirm_sesskey"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-38276",
"datePublished": "2024-06-18T19:49:40.339Z",
"dateReserved": "2024-06-12T14:08:44.047Z",
"dateUpdated": "2025-03-26T13:51:51.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38275 (GCVE-0-2024-38275)
Vulnerability from cvelistv5
Published
2024-06-18 19:49
Modified
2024-08-02 04:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.3.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThanOrEqual": "4.3.4",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThan": "4.4.1",
"status": "affected",
"version": "4.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T13:36:09.482006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T19:52:54.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=459500"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Moodle",
"vendor": "Moodle",
"versions": [
{
"status": "affected",
"version": "4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.3.4",
"status": "affected",
"version": "4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eThe cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "CWE-226",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T19:49:26.986Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=459500"
}
],
"title": "moodle: HTTP authorization header is preserved between \"emulated redirects\""
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-38275",
"datePublished": "2024-06-18T19:49:26.986Z",
"dateReserved": "2024-06-12T14:08:44.047Z",
"dateUpdated": "2024-08-02T04:04:25.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38274 (GCVE-0-2024-38274)
Vulnerability from cvelistv5
Published
2024-06-18 19:49
Modified
2025-02-13 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T18:37:02.375763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T23:08:46.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=459499"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Moodle",
"vendor": "Moodle",
"versions": [
{
"status": "affected",
"version": "4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.3.4",
"status": "affected",
"version": "4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003e\u003cpre\u003eInsufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.\u003c/pre\u003e\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T03:06:00.430Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=459499"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"
}
],
"title": "moodle: stored XSS via calendar\u0027s event title when deleting the event"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-38274",
"datePublished": "2024-06-18T19:49:15.739Z",
"dateReserved": "2024-06-12T14:08:44.047Z",
"dateUpdated": "2025-02-13T17:53:02.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38273 (GCVE-0-2024-38273)
Vulnerability from cvelistv5
Published
2024-06-18 19:49
Modified
2025-02-13 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T18:54:37.587791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:32:57.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=459498"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Moodle",
"vendor": "Moodle",
"versions": [
{
"status": "affected",
"version": "4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.3.4",
"status": "affected",
"version": "4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.7",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.10",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eInsufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.\n\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T03:05:57.322Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=459498"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"
}
],
"title": "moodle: BigBlueButton web service leaks meeting joining information to users who should not have access"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-38273",
"datePublished": "2024-06-18T19:49:02.639Z",
"dateReserved": "2024-06-12T14:08:44.047Z",
"dateUpdated": "2025-02-13T17:53:01.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33996 (GCVE-0-2024-33996)
Vulnerability from cvelistv5
Published
2024-05-31 19:29
Modified
2024-08-02 02:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThanOrEqual": "4.3.3",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThanOrEqual": "4.1.9",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moodle",
"vendor": "moodle",
"versions": [
{
"lessThanOrEqual": "4.2.6",
"status": "affected",
"version": "4.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-01T13:14:42.992969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:56.027Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=458384#p1840909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "Moodle",
"product": "Moodle",
"vendor": "Moodle",
"versions": [
{
"lessThanOrEqual": "4.3.3",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.2.6",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.9",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-20T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eIncorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-31T19:29:07.256Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://moodle.org/mod/forum/discuss.php?d=458384#p1840909"
}
],
"title": "moodle: broken access control when setting calendar event type"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-33996",
"datePublished": "2024-05-31T19:29:07.256Z",
"dateReserved": "2024-04-29T13:02:30.265Z",
"dateUpdated": "2024-08-02T02:42:59.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}