 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0230 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2014-0230) |
| Summary: | The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0230 advisory. |
| Description: | Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0230 advisory. Vulnerability Insight: Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users (CVE-2014-0213). In Moodle before 2.6.3, MoodleMobile web service tokens, created automatically in login/token.php, were not expiring and were valid forever (CVE-2014-0214). In Moodle before 2.6.3, Some student details, including identities, were included in assignment marking pages and would have been revealed to screen readers or through code inspection (CVE-2014-0215). In Moodle before 2.6.3, Access to files linked on HTML blocks on the My home page was not being checked in the correct context, allowing access to unauthenticated users (CVE-2014-0216). In Moodle before 2.6.3, There was a lack of filtering in the URL downloader repository that could have been exploited for XSS (CVE-2014-0218). The 2.4 branch of Moodle will no longer be supported as of approximately June 2014, so the Moodle package has been upgraded to version 2.6.3 to fix these issues. Affected Software/OS: 'moodle' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-0213 [oss-security] 20140519 Moodle security notifications public http://openwall.com/lists/oss-security/2014/05/19/1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606 https://moodle.org/mod/forum/discuss.php?d=260361 Common Vulnerability Exposure (CVE) ID: CVE-2014-0214 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119 https://moodle.org/mod/forum/discuss.php?d=260362 Common Vulnerability Exposure (CVE) ID: CVE-2014-0215 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44750 https://moodle.org/mod/forum/discuss.php?d=260363 Common Vulnerability Exposure (CVE) ID: CVE-2014-0216 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877 https://moodle.org/mod/forum/discuss.php?d=260364 Common Vulnerability Exposure (CVE) ID: CVE-2014-0218 67479 http://www.securityfocus.com/bid/67479 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332 https://moodle.org/mod/forum/discuss.php?d=260366 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |