Cisco DNA Center Privilege Escalation Vulnerability

A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-QFXe74RS?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20DNA%20Center%20Privilege%20Escalation%20Vulnerability&vs_k=1

Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly. Cisco has released More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dhcpv6-dos-44cMvdDK?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20IPv6%20DHCP%20(DHCPv6)%20Relay%20and%20Server%20Denial%20of%20Service%20Vulnerability&vs_k=1

MSA-23-0013: XSS risk in TinyMCE alerts (upstream)

by Michael Hawkins. The TinyMCE editor included with Moodle required a security patch to be applied to fix an XSS risk.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1
Versions fixed: 4.1.2
Reported by: Andrew Lyons
CVE identifier: CVE-2022-23494
Changes (master): N/A
Tracker issue: MDL-77470 XSS risk in TinyMCE alerts (upstream)
More info: https://moodle.org/mod/forum/discuss.php?d=445070&parent=1788903

MSA-23-0004: Authenticated SQL injection via availability check

by Michael Hawkins. Insufficient validation of the profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Severity/Risk: Serious
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Vincent Schneider (cli-ish)
CVE identifier: CVE-2023-28329
Changes More info: https://moodle.org/mod/forum/discuss.php?d=445061&parent=1788894

MSA-23-0005: Authenticated arbitrary file read through malformed backup file

by Michael Hawkins. Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Severity/Risk: Serious
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Vincent Schneider (cli-ish)
Workaround: Remove restore activity/course capabilities until the patch is applied.
CVE More info: https://moodle.org/mod/forum/discuss.php?d=445062&parent=1788895

MSA-23-0006: XSS risk when outputting database activity filter data

by Michael Hawkins. Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Severity/Risk: Serious
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Petr Skoda
Workaround: Disable the database auto-linking filter until the patch has been applied.
CVE identifier: CVE-2023-28331
Changes More info: https://moodle.org/mod/forum/discuss.php?d=445063&parent=1788896

MSA-23-0007: Algebra filter XSS when filter is misconfigured

by Michael Hawkins. If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Petr Skoda
Workaround: Ensure that if the algebra filter is enabled, it is correctly configured and functional (otherwise, ensure it is disabled).
CVE More info: https://moodle.org/mod/forum/discuss.php?d=445064&parent=1788897
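The three advisories above (MSA-23-0005, MSA-23-0006 and MSA-23-0007) each give a one-line interim workaround for sites that cannot upgrade immediately. The CLI script below is an added example, not Moodle's own tooling or anything from the advisories, showing how an administrator could apply all three through Moodle's internal APIs (assign_capability, filter_set_global_state, filter_get_global_states) instead of clicking through the role and filter admin pages. Assumptions not stated in the advisories: the restore capabilities are removed from the stock editingteacher, teacher and manager roles; the removal is done with CAP_PROHIBIT at the system context (rather than deleting the allow) so that a course-level override cannot hand the capability back; "functional" for the algebra filter is approximated as "Perl is on PATH and the LaTeX binary configured for the tex filter is executable"; and the script lives at the hypothetical path admin/cli/msa23_workarounds.php inside the Moodle dirroot.

```php
<?php
// Added example (not Moodle's own tooling): applies the interim workarounds from
// MSA-23-0005, MSA-23-0006 and MSA-23-0007 through Moodle's internal APIs.
// Save it inside the Moodle dirroot (admin/cli/msa23_workarounds.php is a
// hypothetical path) and run it as the web server user:
//   php admin/cli/msa23_workarounds.php
//
// Assumptions not stated in the advisories: the roles holding the restore
// capabilities are the stock 'editingteacher', 'teacher' and 'manager' roles, and
// the algebra filter counts as "functional" only when Perl and the LaTeX binary
// configured for the tex filter ($CFG->filter_tex_pathlatex) are executable.
define('CLI_SCRIPT', true);
require(__DIR__ . '/../../config.php');          // bootstraps $CFG, $DB, accesslib, filterlib
require_once($CFG->libdir . '/clilib.php');

// ---- MSA-23-0005: take the restore capabilities away from non-admin roles ----
// CAP_PROHIBIT at the system context cannot be overridden further down the
// context tree, so a course-level role override cannot hand the capability back
// before the patch is applied. Site admins bypass role checks and are unaffected.
$restorecaps = [
    'moodle/restore:restorecourse',
    'moodle/restore:restoreactivity',
    'moodle/restore:restoresection',
    'moodle/restore:uploadfile',
];
$systemcontext = context_system::instance();
foreach (['editingteacher', 'teacher', 'manager'] as $shortname) {
    $role = $DB->get_record('role', ['shortname' => $shortname]);
    if (!$role) {
        cli_writeln("Role '$shortname' not found; skipping");
        continue;
    }
    foreach ($restorecaps as $cap) {
        // $overwrite = true replaces any existing allow/prevent for this role+context.
        assign_capability($cap, CAP_PROHIBIT, $role->id, $systemcontext->id, true);
    }
    cli_writeln("Prohibited restore capabilities for role '$shortname'");
}

// ---- MSA-23-0006: switch the Database auto-linking filter (filter/data) off ----
filter_set_global_state('data', TEXTFILTER_DISABLED);
cli_writeln("Disabled filter 'data' (Database auto-linking)");

// ---- MSA-23-0007: leave the algebra filter on only if it can actually render ----
function msa23_algebra_is_functional(): bool {
    global $CFG;
    $latex = $CFG->filter_tex_pathlatex ?? '';
    if ($latex === '' || !is_executable($latex)) {
        return false;
    }
    // The filter's algebra2tex.pl helper needs a Perl interpreter on PATH.
    foreach (explode(PATH_SEPARATOR, (string) getenv('PATH')) as $dir) {
        if ($dir !== '' && is_executable($dir . DIRECTORY_SEPARATOR . 'perl')) {
            return true;
        }
    }
    return false;
}

$states  = filter_get_global_states();          // keyed by filter name, ->active holds the state
$algebra = $states['algebra'] ?? null;
if ($algebra === null || (int) $algebra->active === TEXTFILTER_DISABLED) {
    cli_writeln("Algebra filter already disabled; nothing to do");
} else if (msa23_algebra_is_functional()) {
    cli_writeln("Algebra filter is enabled and its binaries are present; leaving it on");
} else {
    filter_set_global_state('algebra', TEXTFILTER_DISABLED);
    cli_writeln("Algebra filter was enabled but not functional; disabled it");
}

// Role definitions and filter states are cached; purge so running sessions see the change.
cache_helper::purge_all();
cli_writeln("Caches purged. Revert these workarounds after upgrading to a fixed version.");
```

The "functional" check is deliberately conservative: when in doubt it disables the algebra filter, which is the safe side of the MSA-23-0007 workaround. Sites that use a different rendering path (for example the mimetex fallback) should adapt the check to the binaries they actually rely on.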

MSA-23-0009: Users name enumeration possible via IDOR on learning plans page

by Michael Hawkins. Authenticated users were able to enumerate other users' names via the learning plans page.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1 and 4.0 to 4.0.6
Versions fixed: 4.1.2 and 4.0.7
Reported by: Paul Holden
CVE identifier: CVE-2023-28334
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77129
Tracker issue: MDL-77129 Users name enumeration possible via IDOR on learning plans page
More info: https://moodle.org/mod/forum/discuss.php?d=445066&parent=1788899

MSA-23-0008: Pix helper potential Mustache code injection risk

by Michael Hawkins. The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: this did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Lars Bonczek
CVE identifier: CVE-2023-28333
Changes More info: https://moodle.org/mod/forum/discuss.php?d=445065&parent=1788898

MSA-23-0011: Teacher can access names of users they do not have permission to access

by Michael Hawkins. Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: DegrangeM
CVE identifier: CVE-2023-28336
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76809
Tracker More info: https://moodle.org/mod/forum/discuss.php?d=445068&parent=1788901