Update April 25, 2023
Today VMware has released the following new security advisory: VMSA-2023-0008 – VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872). The advisory documents the remediation of the Critical and Important severity vulnerabilities demonstrated at the Pwn2Own 2023 contest (CVE-2023-20869, CVE-2023-20870). Customers should review the security advisory and …
More info:
https://blogs.vmware.com/security/2023/03/vmware-and-pwn2own-vancouver-2023.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-and-pwn2own-vancouver-2023
VMware Response to CVE-2023-29552 – Reflective Denial-of-Service (DoS)
Greetings from the VMware Security Response Center! Today we wanted to address CVE-2023-29552 – a vulnerability in SLP that could allow for a reflective denial-of-service amplification attack that was disclosed on April 25th, 2023. VMware has investigated this vulnerability and determined that currently supported ESXi releases (ESXi 7.x and 8.x lines) are not impacted. However, …
More info:
https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp
Initial Publication Date: 04/25/2023 10:00AM EST
A security researcher recently reported an issue with AWS's recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user had possession of long-term access key (AK)/secret key (SK) credentials, (2) that IAM user had the privilege to add an MFA to their own
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2023-001/
by Michael Hawkins. Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Severity/Risk: Serious
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Vincent Schneider (cli-ish)
CVE identifier: CVE-2023-28329
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=445061&parent=1788894
by Michael Hawkins. Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Severity/Risk: Serious
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Vincent Schneider (cli-ish)
Workaround: Remove restore activity/course capabilities until the patch is applied.
CVE
More info:
https://moodle.org/mod/forum/discuss.php?d=445062&parent=1788895
by Michael Hawkins. If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Petr Skoda
Workaround: Ensure that if the algebra filter is enabled, it is correctly configured and functional (otherwise, ensure it is disabled).
CVE
More info:
https://moodle.org/mod/forum/discuss.php?d=445064&parent=1788897
by Michael Hawkins. Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Severity/Risk: Serious
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Petr Skoda
Workaround: Disable the database auto-linking filter until the patch has been applied.
CVE identifier: CVE-2023-28331
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=445063&parent=1788896
by Michael Hawkins. Authenticated users were able to enumerate other users' names via the learning plans page.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1 and 4.0 to 4.0.6
Versions fixed: 4.1.2 and 4.0.7
Reported by: Paul Holden
CVE identifier: CVE-2023-28334
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77129
Tracker issue: MDL-77129 Users name enumeration possible via IDOR on learning plans page
More info:
https://moodle.org/mod/forum/discuss.php?d=445066&parent=1788899
by Michael Hawkins. The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: this did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions
Versions fixed: 4.1.2, 4.0.7, 3.11.13 and 3.9.20
Reported by: Lars Bonczek
CVE identifier: CVE-2023-28333
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=445065&parent=1788898
by Michael Hawkins. The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.1
Versions fixed: 4.1.2
Reported by: DegrangeM
CVE identifier: CVE-2023-28335
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77008
Tracker issue: MDL-77008 CSRF risk in resetting all templates of a database activity
More info:
https://moodle.org/mod/forum/discuss.php?d=445067&parent=1788900