MSA-18-0003: Privilege escalation in quiz web services

by Marina Glancy.  

Quiz web services allow students to see quiz results when it is prohibited in the settings. This web service is used by the mobile app


...
Severity/Risk: Minor
Versions affected: 3.4, 3.3 to 3.3.3, 3.2 to 3.2.6 and 3.1 to 3.1.9
Versions fixed: 3.4.1, 3.3.4, 3.2.7 and 3.1.10
Reported by: Chirine Nassar
CVE identifier: CVE-2018-1044
Changes

MSA-18-0002: Setting for blocked hosts list can be bypassed with multiple A record hostnames

by Marina Glancy.  

The Moodle setting "cURL blocked hosts list" was introduced in Moodle 3.2 to prevent access to specific addresses (usually internal) when the server retrieves URLs requested by the user. A PoC was presented showing how to bypass this restriction by using a DNS record that returns multiple A records for a hostname.


...
Severity/Risk: Minor
Versions

MSA-18-0001: Server Side Request Forgery in the filepicker

by Marina Glancy.  

By substituting the source URL in the filepicker AJAX request, authenticated users are able to retrieve and view any URL. We classify this issue as serious because some cloud hosting providers contain internal resources that can expose data and compromise a server


...
Severity/Risk: Serious
Versions affected: 3.4, 3.3 to 3.3.3, 3.2

MSA-17-0021: Students can find out email addresses of other students in the same course

by Marina Glancy.  

Using search on the Participants page, students could search the email addresses of all participants regardless of email visibility. This allows them to enumerate and guess the emails of other students


...
Severity/Risk: Minor
Versions affected: 3.3 to 3.3.2, 3.2 to 3.2.5, 3.1 to 3.1.8 and earlier unsupported versions
Versions fixed: 3.4, 3.3.3, 3.2.6