Episode 108: Hack Exposes 150,000 Security Cameras at Tesla, Cloudflare and Others

A data breach exposes 150,000 security cameras used by organizations around the world, including Tesla and Cloudflare. State-sponsored hacking groups exploit Microsoft Exchange vulnerabilities. A fire in a French data center belonging to hosting company OVH affects millions of websites, including some prominent WordPress services like Imagify and WP Rocket. WordPress 5.7 was released this […] More info: https://www.wordfence.com/blog/2021/03/episode-108-hack-exposes-150000-security-cameras-at-tesla-cloudflare-and-others/

MSA-21-0008: User full name disclosure within online users block

by Michael Hawkins. It was possible for some users without permission to view other users' full names to do so via the online users block.
Severity/Risk: Minor
Versions affected: 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 and earlier unsupported versions
Versions fixed: 3.10.2, 3.9.5, 3.8.8 and 3.5.17
Reported by: Ankit Agarwal
Workaround: Hide the online users block (via Site administration > Plugins > Blocks > Manage blocks) until the patch has been applied.
CVE More info: https://moodle.org/mod/forum/discuss.php?d=419652&parent=1691268

MSA-21-0009: Bypass email verification secret when confirming account registration

by Michael Hawkins. When creating a user account, it was possible to verify the account without having access to the verification email link/secret.
Severity/Risk: Minor
Versions affected: 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 and earlier unsupported versions
Versions fixed: 3.10.2, 3.9.5, 3.8.8 and 3.5.17
Reported by: Bandjes
CVE identifier: CVE-2021-20282
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-70668
Tracker More info: https://moodle.org/mod/forum/discuss.php?d=419653&parent=1691269

MSA-21-0010: Fetching a user's enrolled courses via web services did not check profile access in each course

by Michael Hawkins. The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course.
Severity/Risk: Minor
Versions affected: 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 and earlier unsupported versions
Versions fixed: 3.10.2, 3.9.5, 3.8.8 and 3.5.17
Reported by: Paul Holden
CVE identifier: CVE-2021-20283
Changes More info: https://moodle.org/mod/forum/discuss.php?d=419654&parent=1691273

MSA-21-0011: jQuery versions below 3.5.0 contain some potential vulnerabilities (upstream)

by Michael Hawkins. The jQuery version used by Moodle required upgrading to 3.5.1 to patch some published potential vulnerabilities.
Severity/Risk: Minor
Versions affected: 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 and earlier unsupported versions
Versions fixed: 3.10.2, 3.9.5, 3.8.8 and 3.5.17
Reported by: Mike Henry
CVE identifiers: CVE-2020-11022 and CVE-2020-11023
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69680
Tracker More info: https://moodle.org/mod/forum/discuss.php?d=419655&parent=1691274

MSA-21-0007: Stored XSS and blind SSRF possible via feedback answer text

by Michael Hawkins. Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks.
Severity/Risk: Serious
Versions affected: 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 and earlier unsupported versions
Versions fixed: 3.10.2, 3.9.5, 3.8.8 and 3.5.17
Reported by: Holme and Rekter0
CVE identifier: CVE-2021-20280
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-70767
Tracker issue: MDL-70767 Stored XSS More info: https://moodle.org/mod/forum/discuss.php?d=419651&parent=1691260

MSA-21-0006: Stored XSS via ID number user profile field

by Michael Hawkins. The ID number user profile field required additional sanitizing to prevent a stored XSS risk.
Severity/Risk: Serious
Versions affected: 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, 3.5 to 3.5.16 and earlier unsupported versions
Versions fixed: 3.10.2, 3.9.5, 3.8.8 and 3.5.17
Reported by: Magyar-Hunor Tamas
Workaround: Disable the ID number field by unchecking it in Site admin > Users > User policies > Show user identity, until the patch has been applied.
CVE More info: https://moodle.org/mod/forum/discuss.php?d=419650&parent=1691259