On October 10, 2023, the following HTTP/2 protocol-level weakness, which enables a novel distributed denial of service (DDoS) attack technique, was disclosed:
CVE-2023-44487: HTTP/2 Rapid Reset
For a description of this vulnerability, see the following publications:
How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack (Google)
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks (Cloudflare)
CVE-2023-44487 - HTTP/2 Rapid Reset Attack (AWS)
This advisory will
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
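The advisory names the technique but does not show it. The attack pattern is a client that opens a stream with HEADERS and cancels it almost immediately with RST_STREAM: the server has already started work on the request, while the cancellation frees the client's slot against SETTINGS_MAX_CONCURRENT_STREAMS, so the usual concurrency limit never throttles it. The Python below is an added example, not code from Cisco or from the linked vendor write-ups: a per-connection detector that counts client-initiated resets in a sliding window, run over a constructed frame trace. The frame names follow RFC 9113; the trace, the window length and the reset threshold are assumptions for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for this toy detector; production proxies tune these per deployment.
WINDOW_SECONDS = 1.0
MAX_RESETS_PER_WINDOW = 5


def build_trace():
    """Constructed frame trace: (timestamp_s, connection_id, frame_type, stream_id).
    Frame names follow RFC 9113; odd stream ids are client-initiated."""
    trace = []
    # Benign client: four requests spread over two seconds, one user-cancelled request.
    t = 0.0
    for sid in (1, 3, 5, 7):
        trace.append((t, "conn-benign", "HEADERS", sid))
        t += 0.5
    trace.append((2.1, "conn-benign", "RST_STREAM", 7))
    # Rapid Reset client: 30 requests, each cancelled 0.2 ms after it was opened,
    # so the server pays to start every request while the client's concurrency
    # counter never reaches SETTINGS_MAX_CONCURRENT_STREAMS.
    t = 0.0
    for i in range(30):
        sid = 2 * i + 1
        trace.append((t, "conn-attack", "HEADERS", sid))
        trace.append((t + 0.0002, "conn-attack", "RST_STREAM", sid))
        t += 0.001
    trace.sort()
    return trace


class RapidResetDetector:
    """Counts client-initiated RST_STREAM frames per connection in a sliding window."""

    def __init__(self, window=WINDOW_SECONDS, max_resets=MAX_RESETS_PER_WINDOW):
        self.window = window
        self.max_resets = max_resets
        self.open_streams = defaultdict(dict)     # conn -> {stream_id: open_time}
        self.recent_resets = defaultdict(deque)   # conn -> timestamps of client resets
        self.stats = defaultdict(lambda: {"streams": 0, "resets": 0, "flagged": False})

    def observe(self, ts, conn, frame, stream_id):
        st = self.stats[conn]
        if frame == "HEADERS" and stream_id % 2 == 1 and stream_id not in self.open_streams[conn]:
            self.open_streams[conn][stream_id] = ts
            st["streams"] += 1
        elif frame == "RST_STREAM" and self.open_streams[conn].pop(stream_id, None) is not None:
            # Only resets of streams this client opened itself are counted.
            st["resets"] += 1
            window = self.recent_resets[conn]
            window.append(ts)
            while window and ts - window[0] > self.window:
                window.popleft()
            if len(window) > self.max_resets:
                st["flagged"] = True
        return st["flagged"]


def analyse(trace):
    """Return per-connection stats; a flagged connection is a candidate for GOAWAY/close."""
    det = RapidResetDetector()
    for ts, conn, frame, sid in trace:
        det.observe(ts, conn, frame, sid)
    return dict(det.stats)


if __name__ == "__main__":
    for conn, st in analyse(build_trace()).items():
        print(conn, st)
```

The benign connection has a single cancel and is never flagged; the attacking connection trips the threshold on its sixth reset inside the window. Counting resets rather than open streams is the point: the stream counter of an attacker stays near zero, so only the reset rate (or the ratio of resets to requests) separates it from a normal client. The caveat is that the threshold must stay well above what real browsers do when a user navigates away mid-page, and the response should be per connection (closing it) rather than per source IP, which would punish shared NATs.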
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
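Because the outcome of exploitation is a new local account with privilege level 15, the practical check is to diff the privilege-15 accounts in the running configuration against the set you expect, and to confirm whether the web UI listeners are still enabled. The Python below is an added example, not part of the Cisco advisory: it parses a constructed `show running-config` excerpt (hostname, account names and hashes are made up; the baseline set is an assumption) and emits the `no ip http server` / `no ip http secure-server` commands that the advisory's Recommendations section gives for closing the attack vector.

```python
import re

# Constructed sample of `show running-config` output; not taken from a real device.
SAMPLE_RUNNING_CONFIG = """\
!
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$EXAMPLEHASH1
username svc_backup privilege 15 secret 9 $9$EXAMPLEHASH2
username noc-ro privilege 1 secret 9 $9$EXAMPLEHASH3
!
ip http server
ip http secure-server
ip http authentication local
!
line vty 0 4
 transport input ssh
!
"""

# Assumed baseline: the privilege-15 accounts your change records say should exist.
EXPECTED_PRIV15 = {"netadmin"}

USERNAME_RE = re.compile(r"^username\s+(\S+)\s+.*?\bprivilege\s+(\d+)\b")


def privilege15_users(config):
    """Names of all local accounts configured with privilege 15."""
    found = set()
    for line in config.splitlines():
        m = USERNAME_RE.match(line.strip())
        if m and int(m.group(2)) == 15:
            found.add(m.group(1))
    return found


def unexpected_admins(config, expected=EXPECTED_PRIV15):
    """Privilege-15 accounts that are not in the documented baseline."""
    return privilege15_users(config) - set(expected)


def http_server_state(config):
    """Which web UI listeners are enabled (the exposure this vulnerability needs)."""
    lines = {line.strip() for line in config.splitlines()}
    return {
        "http": "ip http server" in lines,
        "https": "ip http secure-server" in lines,
    }


def hardening_commands(config):
    """Config-mode commands that disable every enabled web UI listener."""
    state = http_server_state(config)
    cmds = []
    if state["http"]:
        cmds.append("no ip http server")
    if state["https"]:
        cmds.append("no ip http secure-server")
    return cmds


if __name__ == "__main__":
    print("unexpected privilege-15 accounts:", sorted(unexpected_admins(SAMPLE_RUNNING_CONFIG)))
    print("listeners:", http_server_state(SAMPLE_RUNNING_CONFIG))
    print("apply:", hardening_commands(SAMPLE_RUNNING_CONFIG))
```

Disabling the listeners closes the vector for new attacks but does nothing about an account that was already created; an unexpected privilege-15 user in the diff is an incident, not a configuration drift, and the device should be treated as compromised until the advisory's indicators have been checked.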
By Michael Hawkins. Insufficient sanitizing of loaders used by TinyMCE resulted in an arbitrary folder creation risk.
Severity/Risk: Serious
Versions affected: 4.1 to 4.1.2
Versions fixed: 4.1.3
Reported by: Yaniv Nizry (SonarSource)
CVE identifier: CVE-2023-30943
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718
Tracker issue: MDL-77718 TinyMCE loaders susceptible to Arbitrary Folder Creation
More info:
https://moodle.org/mod/forum/discuss.php?d=446285&parent=1793613
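The advisory describes the class of bug (a loader name that is not sanitized before it is used to build and create a directory) without showing code. The Python below is an added example and not Moodle's code: a vulnerable loader that splices a request-supplied name into a path and creates it recursively, next to a hardened version that allowlists the name and verifies the resolved path stays under the base directory. The directory layout, the identifier allowlist and the plugin name `tiny_h5p` are assumptions for illustration; everything runs inside a temporary directory.

```python
import re
import tempfile
from pathlib import Path

# Assumed allowlist: loader/plugin names are lowercase identifiers, nothing else.
COMPONENT_RE = re.compile(r"^[a-z][a-z0-9_]*$")


def unsafe_loader_dir(base, name):
    """Vulnerable shape: the request-supplied name is spliced into a path and the
    directory is created recursively, so '..' segments create folders anywhere
    the web server user can write."""
    target = Path(base) / "loaders" / name
    target.mkdir(parents=True, exist_ok=True)
    return target


def safe_loader_dir(base, name):
    """Hardened: reject anything outside the identifier allowlist, then confirm the
    resolved target is still inside the base directory before creating it."""
    if not COMPONENT_RE.match(name):
        raise ValueError(f"rejected loader name: {name!r}")
    base = Path(base).resolve()
    target = (base / "loaders" / name).resolve()
    if base not in target.parents:
        raise ValueError("loader path escapes the base directory")
    target.mkdir(parents=True, exist_ok=True)
    return target


def demo():
    """Returns (unsafe_escaped_base, safe_rejected_traversal, safe_created_name)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "moodledata"
        base.mkdir()
        created = unsafe_loader_dir(base, "../../escaped")
        escaped = base.resolve() not in created.resolve().parents
        try:
            safe_loader_dir(base, "../../escaped")
            rejected = False
        except ValueError:
            rejected = True
        ok = safe_loader_dir(base, "tiny_h5p")   # assumed legitimate plugin name
        return escaped, rejected, ok.name


if __name__ == "__main__":
    print(demo())
```

The allowlist is the real fix; the `resolve()` comparison is a second line of defence for names that pass a looser filter, and it is the check that still holds if a later change relaxes the regular expression.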
By Michael Hawkins. A limited SQL injection risk was identified in functionality used by the Wiki activity when listing pages.
Severity/Risk: Minor
Versions affected: 4.1 to 4.1.2, 4.0 to 4.0.7, 3.11 to 3.11.13, 3.9 to 3.9.20 and earlier unsupported versions
Versions fixed: 4.1.3, 4.0.8, 3.11.14 and 3.9.21
Reported by: Paul Holden
CVE identifier: CVE-2023-30944
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187
Tracker issue: MDL-77187 Minor SQL
More info:
https://moodle.org/mod/forum/discuss.php?d=446286&parent=1793614
By Michael Hawkins. Content on the groups page required additional sanitizing to prevent an XSS risk.
Severity/Risk: Minor
Versions affected: 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14
Versions fixed: 4.2.1, 4.1.4, 4.0.9 and 3.11.15
Reported by: Petr Skoda
CVE identifier: CVE-2023-35131
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76683
Tracker issue: MDL-76683 XSS risk on groups page
More info:
https://moodle.org/mod/forum/discuss.php?d=447829&parent=1799653
By Michael Hawkins. A limited SQL injection risk was identified on the Mnet SSO access control page.
Severity/Risk: Minor
Versions affected: 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions
Versions fixed: 4.2.1, 4.1.4, 4.0.9, 3.11.15 and 3.9.22
Reported by: Paul Holden
CVE identifier: CVE-2023-35132
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77193
Tracker issue: MDL-77193 Minor SQL injection risk on
More info:
https://moodle.org/mod/forum/discuss.php?d=447830&parent=1799654
By Michael Hawkins. An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts list resulted in an SSRF risk.
Severity/Risk: Serious
Versions affected: 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions
Versions fixed: 4.2.1, 4.1.4, 4.0.9, 3.11.15 and 3.9.22
Reported by: Mateo Hanžek
CVE identifier: CVE-2023-35133
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78215
Tracker
More info:
https://moodle.org/mod/forum/discuss.php?d=447831&parent=1799656
By Michael Hawkins. A remote code execution risk was identified where file repository reference properties are parsed.
Severity/Risk: Serious
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Paul Holden
CVE identifier: CVE-2023-40317
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78647
Tracker
More info:
https://moodle.org/mod/forum/discuss.php?d=449641&parent=1807043
By Michael Hawkins. Incorrect domain matching logic made it possible to bypass the proxy, which could result in access to hosts intended to be blocked by the proxy.
Severity/Risk: Serious
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Brendan Heywood
Workaround: Add hosts blocked within the proxy to the Moodle cURL blocked hosts configuration if possible,
More info:
https://moodle.org/mod/forum/discuss.php?d=449640&parent=1807042
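Two of the entries above are host-matching flaws in outbound request filtering: the cURL blocked hosts check that let 0.0.0.0 through (CVE-2023-35133) and the proxy bypass domain matching that let a crafted hostname skip the proxy. The Python below is an added example, not Moodle's code, and the vulnerable functions show a plausible shape of each bug rather than the project's actual logic. It pairs a hardened blocked-host check (unspecified, loopback, link-local and IPv4-mapped addresses blocked explicitly, ranges compared as networks, names matched on whole-label boundaries) with a hardened proxy bypass matcher. The blocklist and bypass list are assumptions modelled on a typical private-range configuration.

```python
import ipaddress

# Assumed blocklist modelled on a private/loopback range list plus a hostname entry.
BLOCKED_HOSTS = [
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "localhost",
]
# Assumed proxy bypass list: hosts that should go direct instead of via the proxy.
PROXY_BYPASS = ["example.com", "intranet.local"]


def _parse_ip(host):
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None


def vulnerable_is_blocked(host, blocked=BLOCKED_HOSTS):
    """Assumed shape of the 0.0.0.0 flaw (not Moodle's code): a validator that treats
    0.0.0.0 as 'not a usable address' skips the range checks, the name checks never
    match, and the request goes out. On Linux a connect() to 0.0.0.0 reaches localhost."""
    ip = _parse_ip(host)
    if ip is not None and int(ip) != 0:
        return any(ip in ipaddress.ip_network(e, strict=False) for e in blocked if "/" in e)
    return any(host == e for e in blocked if "/" not in e)


def is_blocked(host, blocked=BLOCKED_HOSTS):
    """Hardened check for a literal address or a hostname against the blocklist."""
    ip = _parse_ip(host)
    if ip is not None:
        mapped = getattr(ip, "ipv4_mapped", None)          # ::ffff:127.0.0.1 -> 127.0.0.1
        for cand in [ip] + ([mapped] if mapped else []):
            if cand.is_unspecified or cand.is_loopback or cand.is_link_local:
                return True
            for entry in blocked:
                if "/" in entry and cand in ipaddress.ip_network(entry, strict=False):
                    return True
        return False
    name = host.lower().rstrip(".")
    for entry in blocked:
        if "/" in entry:
            continue
        entry = entry.lower().rstrip(".")
        if name == entry or name.endswith("." + entry):
            return True
    return False


def vulnerable_bypasses_proxy(host, bypass=PROXY_BYPASS):
    """Assumed shape of the domain-matching flaw: a plain suffix test, so
    'evilexample.com' is treated as part of 'example.com' and goes direct."""
    return any(host.lower().endswith(entry.lower()) for entry in bypass)


def bypasses_proxy(host, bypass=PROXY_BYPASS):
    """Hardened: exact match or a match on a whole DNS label boundary."""
    name = host.lower().rstrip(".")
    for entry in bypass:
        e = entry.lower().strip(".")
        if name == e or name.endswith("." + e):
            return True
    return False


if __name__ == "__main__":
    for h in ("0.0.0.0", "[::]", "::ffff:127.0.0.1", "203.0.113.9", "localhost"):
        print(f"{h:20} vulnerable={vulnerable_is_blocked(h)!s:5} hardened={is_blocked(h)}")
    for h in ("evilexample.com", "api.example.com"):
        print(f"{h:20} vulnerable={vulnerable_bypasses_proxy(h)!s:5} hardened={bypasses_proxy(h)}")
```

Two caveats apply to any such filter. First, a hostname check is only as good as the addresses it eventually connects to: the same test has to run on every address the resolver returns, and again after each redirect, or DNS rebinding and 302s will route around it. Second, the two lists interact: a host that bypasses the proxy is no longer protected by the proxy's own blocklist, which is exactly why the workaround above says to mirror proxy-blocked hosts into the Moodle cURL blocked hosts setting.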
By Michael Hawkins. An SQL injection risk was identified in the grader report sorting. (Note: by default the capability to access this page is only available to teachers, non-editing teachers and managers.)
Severity/Risk: Serious
Versions affected: 4.2 to 4.2.1
Versions fixed: 4.2.2
Reported by: Paul Holden
Workaround: Remove access to the gradereport/grader:view capability until the patch has been applied.
CVE identifier: CVE-2023-40319
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=449643&parent=1807045
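Three entries on this page are SQL injection risks (the Wiki page listing, the Mnet SSO access control page, and the grader report sorting); only the last names the injection point, a sort parameter, so that is the case shown. A sort column cannot be bound as a query parameter, which is why ORDER BY is a recurring injection site, and even "limited" injection in ORDER BY leaks data: the attacker sorts by a conditional expression and reads the answer from the row order. The Python below is an added example, not Moodle's code, using an in-memory SQLite schema that is constructed for the demonstration (table and column names are loosely modelled on a gradebook and are not Moodle's). It shows the vulnerable splice, a blind extraction through it, and the allowlist fix.

```python
import sqlite3

# Assumed allowlists: the only sort keys and directions the report accepts.
SORT_COLUMNS = {"firstname": "u.firstname", "lastname": "u.lastname", "grade": "g.finalgrade"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

BASE_QUERY = "SELECT u.firstname FROM users u JOIN grade_grades g ON g.userid = u.id"


def make_db():
    """Constructed in-memory schema loosely modelled on a gradebook; not Moodle's."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT);
        CREATE TABLE grade_grades (userid INTEGER, finalgrade REAL);
        CREATE TABLE sessions (sid TEXT);
        INSERT INTO users VALUES (1, 'Ada', 'Lovelace'), (2, 'Charles', 'Babbage'), (3, 'Grace', 'Hopper');
        INSERT INTO grade_grades VALUES (1, 91.0), (2, 72.5), (3, 88.0);
        INSERT INTO sessions VALUES ('s3cr3t-session-token');
    """)
    return conn


def grader_report_vulnerable(conn, sort, direction):
    """Vulnerable shape: request parameters spliced straight into ORDER BY."""
    return [r[0] for r in conn.execute(f"{BASE_QUERY} ORDER BY {sort} {direction}")]


def grader_report_safe(conn, sort, direction):
    """Hardened: identifiers cannot be bound as parameters, so map the request
    values through allowlists and refuse anything unknown."""
    try:
        column, order = SORT_COLUMNS[sort], DIRECTIONS[direction.lower()]
    except KeyError:
        raise ValueError("unsupported sort parameter") from None
    return [r[0] for r in conn.execute(f"{BASE_QUERY} ORDER BY {column} {order}")]


def safe_rejects(conn, sort, direction):
    """True if the hardened report refuses the given parameters."""
    try:
        grader_report_safe(conn, sort, direction)
        return False
    except ValueError:
        return True


def blind_oracle(conn, prefix):
    """ORDER BY injection: the sort expression evaluates a condition on another
    table, so the row order leaks one yes/no answer per request."""
    payload = (f"(CASE WHEN (SELECT sid FROM sessions LIMIT 1) LIKE '{prefix}%' "
               f"THEN g.finalgrade ELSE u.firstname END)")
    return grader_report_vulnerable(conn, payload, "ASC")


def extract_secret(conn, alphabet="abcdefghijklmnopqrstuvwxyz0123456789-", max_len=8):
    """Recovers the first max_len characters of the secret through the oracle."""
    found = ""
    for _ in range(max_len):
        for ch in alphabet:
            # TRUE branch sorts by grade (lowest first: Charles); FALSE sorts by name (Ada first).
            if blind_oracle(conn, found + ch)[0] == "Charles":
                found += ch
                break
        else:
            return found
    return found


if __name__ == "__main__":
    db = make_db()
    print("safe, sorted by grade desc:", grader_report_safe(db, "grade", "desc"))
    print("leaked via ORDER BY:", extract_secret(db))
    print("hardened rejects payload:", safe_rejects(db, "(CASE WHEN 1=1 THEN 1 END)", "asc"))
```

The workaround in the advisory (removing the gradereport/grader:view capability) matters because the page is reachable by every teacher, not only by site administrators; an ORDER BY oracle like this one needs no error messages and no output of the injected column, only the ability to request the page repeatedly with a chosen sort.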