OpenSSL vulnerabilities CVE-2022-1292 and CVE-2022-2068 Security Advisory Security Advisory Description CVE-2022-1292 The c_rehash script does not properly sanitise shell metacharacters to prevent ...
More info:
https://support.f5.com/csp/article/K21600298?utm_source=f5support&utm_medium=RSS
di Michael Hawkins. The mobile auto-login URL required additional sanitizing to prevent an open redirect risk.Severity/Risk:MinorVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:petermasterCVE identifier:CVE-2022-35652Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72171Tracker issue:MDL-72171 Open redirect risk in mobile auto-login feature
More info:
https://moodle.org/mod/forum/discuss.php?d=436459&parent=1756387
di Michael Hawkins. A minor reflected XSS risk was identified in the LTI module. This did not impact authenticated users.Severity/Risk:MinorVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:Luuk VerhoevenCVE identifier:CVE-2022-35653Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299Tracker issue:MDL-72299 LTI module reflected XSS risk -
More info:
https://moodle.org/mod/forum/discuss.php?d=436460&parent=1756388
di Michael Hawkins. The Mustache template library included with Moodle has been upgraded to the latest version, which includes a fix for a serious security issue.Severity/Risk:SeriousVersions affected:4.0 to 4.0.2, 3.11 to 3.11.8, 3.9 to 3.9.15 and earlier unsupported versionsVersions fixed:4.0.3, 3.11.9 and 3.9.16Reported by:Lars BonczekCVE identifier:CVE-2022-0323Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75388Tracker issue:MDL-75388
More info:
https://moodle.org/mod/forum/discuss.php?d=437684&parent=1761481
di Michael Hawkins. The upstream Moodle machine learning backend and its reference in /lib/mlbackend/python/classes/processor.php were upgraded, which includes some security updates. Please note:If you are using Moodle Analytics, an upgrade to the mlbackend is required. See the Analytics settings documentation for more information about required versions and how to upgrade.Severity/Risk:MinorVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions
More info:
https://moodle.org/mod/forum/discuss.php?d=436461&parent=1756389
di Michael Hawkins. Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.Severity/Risk:SeriousVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Adam Roberts, NCC GroupCVE identifier:CVE-2022-40313Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066Tracker
More info:
https://moodle.org/mod/forum/discuss.php?d=438392&parent=1764793
di Michael Hawkins. Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.Severity/Risk:MinorVersions affected:4.0 to 4.0.2 and 3.11 to 3.11.8Versions fixed:4.0.3 and 3.11.9Reported by:Paul HoldenCVE identifier:CVE-2022-2986Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326Tracker issue:MDL-75326 CSRF risk in enabling/disabling installed H5P libraries
More info:
https://moodle.org/mod/forum/discuss.php?d=437685&parent=1761482
di Michael Hawkins. A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.Severity/Risk:SeriousVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Paul HoldenCVE identifier:CVE-2022-40314Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75405Tracker issue:MDL-75405 Remote code execution risk when
More info:
https://moodle.org/mod/forum/discuss.php?d=438393&parent=1764794
