80 vulnerabilities found for Moodle by Moodle

CERTFR-2025-AVI-0519
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a breach of data confidentiality, SQL injection (SQLi), and server-side request forgery (SSRF).

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Moodle | Moodle | Moodle versions 4.4.x prior to 4.4.9
Moodle | Moodle | Moodle versions 4.5.x prior to 4.5.5
Moodle | Moodle | Moodle versions prior to 4.1.19
Moodle | Moodle | Moodle versions 5.0.x prior to 5.0.1

References
Moodle security bulletin MSA-25-0032 | 2025-06-17 | vendor-advisory
Moodle security bulletin MSA-25-0030 | 2025-06-17 | vendor-advisory
Moodle security bulletin MSA-25-0031 | 2025-06-17 | vendor-advisory
Moodle security bulletin MSA-25-0033 | 2025-06-17 | vendor-advisory
Moodle security bulletin MSA-25-0034 | 2025-06-17 | vendor-advisory
Moodle security bulletin MSA-25-0035 | 2025-06-17 | vendor-advisory
Moodle security bulletin MSA-25-0029 | 2025-06-17 | vendor-advisory
Moodle security bulletin MSA-25-0036 | 2025-06-17 | vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.9 ",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 4.1.19",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-49513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49513"
    },
    {
      "name": "CVE-2025-49515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49515"
    },
    {
      "name": "CVE-2025-49514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49514"
    },
    {
      "name": "CVE-2025-49512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49512"
    },
    {
      "name": "CVE-2025-49517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49517"
    },
    {
      "name": "CVE-2025-49516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49516"
    },
    {
      "name": "CVE-2025-49518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49518"
    },
    {
      "name": "CVE-2025-46337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46337"
    }
  ],
  "initial_release_date": "2025-06-18T00:00:00",
  "last_revision_date": "2025-06-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0519",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection SQL (SQLi) et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0032",
      "url": "https://moodle.org/mod/forum/discuss.php?d=468503"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0030",
      "url": "https://moodle.org/mod/forum/discuss.php?d=468501"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0031",
      "url": "https://moodle.org/mod/forum/discuss.php?d=468502"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0033",
      "url": "https://moodle.org/mod/forum/discuss.php?d=468504"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0034",
      "url": "https://moodle.org/mod/forum/discuss.php?d=468505"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0035",
      "url": "https://moodle.org/mod/forum/discuss.php?d=468506"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0029",
      "url": "https://moodle.org/mod/forum/discuss.php?d=468500"
    },
    {
      "published_at": "2025-06-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0036",
      "url": "https://moodle.org/mod/forum/discuss.php?d=468507"
    }
  ]
}

CERTFR-2025-AVI-0340
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Moodle | Moodle | Moodle versions 4.3.x prior to 4.3.12
Moodle | Moodle | Moodle versions 4.5.x prior to 4.5.4
Moodle | Moodle | Moodle versions 4.4.x prior to 4.4.8
Moodle | Moodle | Moodle versions prior to 4.1.18

References
Moodle security bulletin MSA-25-0014 | 2025-04-20 | vendor-advisory
Moodle security bulletin MSA-25-0017 | 2025-04-20 | vendor-advisory
Moodle security bulletin MSA-25-0027 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0023 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0022 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0013 | 2025-04-20 | vendor-advisory
Moodle security bulletin MSA-25-0026 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0015 | 2025-04-20 | vendor-advisory
Moodle security bulletin MSA-25-0020 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0024 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0025 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0016 | 2025-04-20 | vendor-advisory
Moodle security bulletin MSA-25-0019 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0021 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0028 | 2025-04-21 | vendor-advisory
Moodle security bulletin MSA-25-0018 | 2025-04-21 | vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.12",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.4",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.8",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 4.1.18",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3643"
    },
    {
      "name": "CVE-2025-3634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3634"
    },
    {
      "name": "CVE-2025-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3641"
    },
    {
      "name": "CVE-2025-3637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3637"
    },
    {
      "name": "CVE-2025-3628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3628"
    },
    {
      "name": "CVE-2025-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3647"
    },
    {
      "name": "CVE-2025-3625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3625"
    },
    {
      "name": "CVE-2025-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3636"
    },
    {
      "name": "CVE-2025-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3642"
    },
    {
      "name": "CVE-2025-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3638"
    },
    {
      "name": "CVE-2025-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3645"
    },
    {
      "name": "CVE-2024-40446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40446"
    },
    {
      "name": "CVE-2025-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3640"
    },
    {
      "name": "CVE-2025-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3627"
    },
    {
      "name": "CVE-2025-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3644"
    },
    {
      "name": "CVE-2025-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3635"
    }
  ],
  "initial_release_date": "2025-04-22T00:00:00",
  "last_revision_date": "2025-04-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0340",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": "2025-04-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0014",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467593"
    },
    {
      "published_at": "2025-04-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467596"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0027",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467606"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467602"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467601"
    },
    {
      "published_at": "2025-04-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0013",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467592"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0026",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467605"
    },
    {
      "published_at": "2025-04-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0015",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467594"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0020",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467599"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0024",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467603"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0025",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467604"
    },
    {
      "published_at": "2025-04-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0016",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467595"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0019",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467598"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467600"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0028",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467607"
    },
    {
      "published_at": "2025-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0018",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467597"
    }
  ]
}

CERTFR-2025-AVI-0242
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a breach of data confidentiality and a security policy bypass.

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Moodle | Moodle | Moodle versions 4.4.x prior to 4.4.7
Moodle | Moodle | Moodle versions 4.3.x prior to 4.3.11
Moodle | Moodle | Moodle versions 4.5.x prior to 4.5.3
Moodle | Moodle | Moodle versions prior to 4.1.17

References
Moodle security bulletin MSA-25-0011 | 2025-03-26 | vendor-advisory
Moodle security bulletin MSA-25-0012 | 2025-03-26 | vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.7",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.11 ",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 4.1.17",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [],
  "initial_release_date": "2025-03-26T00:00:00",
  "last_revision_date": "2025-03-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0242",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": "2025-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0011",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467084"
    },
    {
      "published_at": "2025-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0012",
      "url": "https://moodle.org/mod/forum/discuss.php?d=467086"
    }
  ]
}

CERTFR-2025-AVI-0138
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a breach of data confidentiality, a breach of data integrity, and cross-site scripting (XSS).

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Moodle | Moodle | Moodle versions 4.3.x prior to 4.3.10
Moodle | Moodle | Moodle versions 4.1.x prior to 4.1.16
Moodle | Moodle | Moodle versions 4.5.x prior to 4.5.2
Moodle | Moodle | Moodle versions 4.4.x prior to 4.4.6

References
Moodle security bulletin MSA-25-0006 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0003 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0002 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0004 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0007 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0008 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0009 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0005 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0010 | 2025-02-18 | vendor-advisory
Moodle security bulletin MSA-25-0001 | 2025-02-18 | vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.10",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.16",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.2",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.6",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-26528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26528"
    },
    {
      "name": "CVE-2025-26529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26529"
    },
    {
      "name": "CVE-2024-38999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
    },
    {
      "name": "CVE-2025-26527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26527"
    },
    {
      "name": "CVE-2025-26533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26533"
    },
    {
      "name": "CVE-2025-26532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26532"
    },
    {
      "name": "CVE-2025-26530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26530"
    },
    {
      "name": "CVE-2025-26526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26526"
    },
    {
      "name": "CVE-2025-26525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26525"
    },
    {
      "name": "CVE-2025-26531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26531"
    }
  ],
  "initial_release_date": "2025-02-18T00:00:00",
  "last_revision_date": "2025-02-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0138",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0006",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466146"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0003",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466143"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0002",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466142"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0004",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466144"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0007",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466147"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0008",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466148"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0009",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466149"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0005",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466145"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0010",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466150"
    },
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0001",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466141"
    }
  ]
}

CERTFR-2024-AVI-1085
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause remote denial of service, a breach of data confidentiality, and cross-site scripting (XSS).

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Moodle | Moodle | Moodle versions 4.4.x prior to 4.4.5
Moodle | Moodle | Moodle versions 4.1.x prior to 4.1.15
Moodle | Moodle | Moodle versions 4.5.x prior to 4.5.1
Moodle | Moodle | Moodle versions 4.3.x prior to 4.3.9

References
Moodle security bulletin MSA-24-0056 | 2024-12-17 | vendor-advisory
Moodle security bulletin MSA-24-0052 | 2024-12-17 | vendor-advisory
Moodle security bulletin MSA-24-0055 | 2024-12-17 | vendor-advisory
Moodle security bulletin MSA-24-0054 | 2024-12-17 | vendor-advisory
Moodle security bulletin MSA-24-0053 | 2024-12-17 | vendor-advisory
Moodle security bulletin 464554 | 2024-12-17 | vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.15",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.1",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.9 ",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-55648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55648"
    },
    {
      "name": "CVE-2024-55644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55644"
    },
    {
      "name": "CVE-2024-55646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55646"
    },
    {
      "name": "CVE-2024-55645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55645"
    },
    {
      "name": "CVE-2024-55643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55643"
    },
    {
      "name": "CVE-2024-55647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55647"
    }
  ],
  "initial_release_date": "2024-12-17T00:00:00",
  "last_revision_date": "2024-12-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1085",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0056",
      "url": "https://moodle.org/mod/forum/discuss.php?d=464559"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0052",
      "url": "https://moodle.org/mod/forum/discuss.php?d=464555"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0055",
      "url": "https://moodle.org/mod/forum/discuss.php?d=464558"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0054",
      "url": "https://moodle.org/mod/forum/discuss.php?d=464557"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0053",
      "url": "https://moodle.org/mod/forum/discuss.php?d=464556"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 464554",
      "url": "https://moodle.org/mod/forum/discuss.php?d=464554"
    }
  ]
}

CERTFR-2024-AVI-0876
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a breach of data confidentiality, a breach of data integrity, and a security policy bypass.

Solutions

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Moodle | Moodle | Moodle versions 4.2.x prior to 4.2.11
Moodle | Moodle | Moodle versions 4.4.x prior to 4.4.4
Moodle | Moodle | Moodle versions 4.3.x prior to 4.3.8
Moodle | Moodle | Moodle versions prior to 4.1.14

References
Moodle security bulletin MSA-24-0045 | 2024-10-14 | vendor-advisory
Moodle security bulletin MSA-24-0048 | 2024-10-14 | vendor-advisory
Moodle security bulletin MSA-24-0047 | 2024-10-14 | vendor-advisory
Moodle security bulletin MSA-24-0046 | 2024-10-14 | vendor-advisory
Moodle security bulletin MSA-24-0050 | 2024-10-14 | vendor-advisory
Moodle security bulletin MSA-24-0049 | 2024-10-14 | vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.11 ",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.4",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.8",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 4.1.14",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-48900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48900"
    },
    {
      "name": "CVE-2024-48901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48901"
    },
    {
      "name": "CVE-2024-48898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48898"
    },
    {
      "name": "CVE-2024-48897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48897"
    },
    {
      "name": "CVE-2024-48896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48896"
    },
    {
      "name": "CVE-2024-48899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48899"
    }
  ],
  "initial_release_date": "2024-10-14T00:00:00",
  "last_revision_date": "2024-10-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0876",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0045",
      "url": "https://moodle.org/mod/forum/discuss.php?d=462874"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0048",
      "url": "https://moodle.org/mod/forum/discuss.php?d=462878"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0047",
      "url": "https://moodle.org/mod/forum/discuss.php?d=462877"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0046",
      "url": "https://moodle.org/mod/forum/discuss.php?d=462876"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0050",
      "url": "https://moodle.org/mod/forum/discuss.php?d=462880"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0049",
      "url": "https://moodle.org/mod/forum/discuss.php?d=462879"
    }
  ]
}

CERTFR-2024-AVI-0756
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a breach of data confidentiality, a breach of data integrity, and a security policy bypass.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 4.3.x prior to 4.3.7
Moodle Moodle Moodle versions 4.1.x prior to 4.1.13
Moodle Moodle Moodle versions 4.4.x prior to 4.4.3
Moodle Moodle Moodle versions 4.2.x prior to 4.2.10
References
Moodle security bulletin MSA-24-0044 2024-09-10 vendor-advisory
Moodle security bulletin MSA-24-0043 2024-09-10 vendor-advisory
Moodle security bulletin MSA-24-0042 2024-09-10 vendor-advisory



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions  4.3.x ant\u00e9rieures \u00e0  4.3.7",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0  4.1.13",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions  4.4.x ant\u00e9rieures \u00e0 4.4.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions  4.2.x ant\u00e9rieures \u00e0  4.2.10 ",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45690"
    },
    {
      "name": "CVE-2024-45689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45689"
    },
    {
      "name": "CVE-2024-45691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45691"
    }
  ],
  "initial_release_date": "2024-09-10T00:00:00",
  "last_revision_date": "2024-09-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0756",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0044",
      "url": "https://moodle.org/mod/forum/discuss.php?d=461897"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0043",
      "url": "https://moodle.org/mod/forum/discuss.php?d=461895"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0042",
      "url": "https://moodle.org/mod/forum/discuss.php?d=461894"
    }
  ]
}

CERTFR-2024-AVI-0149
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a remote denial of service, cross-site request forgery (CSRF), and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 4.3.x prior to 4.3.3
Moodle Moodle Moodle versions prior to 4.1.9
Moodle Moodle Moodle versions 4.2.x prior to 4.2.6



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 4.1.9",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-25981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25981"
    },
    {
      "name": "CVE-2024-25982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25982"
    },
    {
      "name": "CVE-2024-25979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25979"
    },
    {
      "name": "CVE-2024-25980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25980"
    },
    {
      "name": "CVE-2024-25978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25978"
    },
    {
      "name": "CVE-2024-25983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25983"
    }
  ],
  "initial_release_date": "2024-02-20T00:00:00",
  "last_revision_date": "2024-02-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0149",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une injection de requ\u00eates\nill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0004 du 19 f\u00e9vrier 2024",
      "url": "https://moodle.org/mod/forum/discuss.php?d=455637"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0002 du 19 f\u00e9vrier 2024",
      "url": "https://moodle.org/mod/forum/discuss.php?d=455635"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0006 du 19 f\u00e9vrier 2024",
      "url": "https://moodle.org/mod/forum/discuss.php?d=455641"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0001 du 19 f\u00e9vrier 2024",
      "url": "https://moodle.org/mod/forum/discuss.php?d=455634"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0005 du 19 f\u00e9vrier 2024",
      "url": "https://moodle.org/mod/forum/discuss.php?d=455638"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0003 du 19 f\u00e9vrier 2024",
      "url": "https://moodle.org/mod/forum/discuss.php?d=455636"
    }
  ]
}

CERTFR-2023-AVI-1050
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions prior to 3.9.25
Moodle Moodle Moodle versions 3.11.x prior to 3.11.18
Moodle Moodle Moodle versions 4.0.x prior to 4.0.12
Moodle Moodle Moodle versions 4.1.x prior to 4.1.7
Moodle Moodle Moodle versions 4.2.x prior to 4.2.4
Moodle Moodle Moodle versions 4.3.x prior to 4.3.1



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 3.9.25",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.18",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.12",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.7",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.4",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.1",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-6662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6662"
    },
    {
      "name": "CVE-2023-6667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6667"
    },
    {
      "name": "CVE-2023-6661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6661"
    },
    {
      "name": "CVE-2023-6663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6663"
    },
    {
      "name": "CVE-2023-6665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6665"
    },
    {
      "name": "CVE-2023-6670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6670"
    },
    {
      "name": "CVE-2023-6666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6666"
    },
    {
      "name": "CVE-2023-6664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6664"
    },
    {
      "name": "CVE-2023-6669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6669"
    },
    {
      "name": "CVE-2023-6668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6668"
    }
  ],
  "initial_release_date": "2023-12-21T00:00:00",
  "last_revision_date": "2023-12-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1050",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0053 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453767"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0047 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453761"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0051 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453765"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0049 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453763"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0046 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453760"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0052 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453766"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0048 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453762"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0050 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453764"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0045 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453759"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0044 du 21 d\u00e9cembre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=453758"
    }
  ]
}

CERTFR-2023-AVI-0859
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass, and a breach of data integrity.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 4.2.x prior to 4.2.3
Moodle Moodle Moodle versions 4.0.x prior to 4.0.11
Moodle Moodle Moodle versions prior to 3.9.24
Moodle Moodle Moodle versions 3.11.x prior to 3.11.17
Moodle Moodle Moodle versions 4.1.x prior to 4.1.6



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.11",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 3.9.24",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.17",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.6",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-5549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5549"
    },
    {
      "name": "CVE-2023-5550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5550"
    },
    {
      "name": "CVE-2023-5548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5548"
    },
    {
      "name": "CVE-2023-5551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5551"
    }
  ],
  "initial_release_date": "2023-10-18T00:00:00",
  "last_revision_date": "2023-10-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0859",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0040 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451589"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0041 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451590"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0043 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451592"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0042 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451591"
    }
  ]
}

CERTFR-2023-AVI-0854
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass, and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 4.2.x prior to 4.2.3
Moodle Moodle Moodle versions 4.0.x prior to 4.0.11
Moodle Moodle Moodle versions prior to 3.9.24
Moodle Moodle Moodle versions 3.11.x prior to 3.11.17
Moodle Moodle Moodle versions 4.1.x prior to 4.1.6



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.11",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 3.9.24",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.17",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.6",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-5543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5543"
    },
    {
      "name": "CVE-2023-5541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5541"
    },
    {
      "name": "CVE-2023-5544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5544"
    },
    {
      "name": "CVE-2023-5539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5539"
    },
    {
      "name": "CVE-2023-5540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5540"
    },
    {
      "name": "CVE-2023-5542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5542"
    },
    {
      "name": "CVE-2023-5547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5547"
    },
    {
      "name": "CVE-2023-5545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5545"
    },
    {
      "name": "CVE-2023-5546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5546"
    }
  ],
  "initial_release_date": "2023-10-17T00:00:00",
  "last_revision_date": "2023-10-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0854",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-17T00:00:00.000000"
    },
    {
      "description": "La version 3.9.23 est vuln\u00e9rable, la version 3.9.24 ne l\u0027est pas.",
      "revision_date": "2023-10-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0034 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451583"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0033 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451582"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0035 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451584"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0037 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451586"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0036 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451585"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0032 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451581"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0038 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451587"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0039 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451588"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0031 du 17 octobre 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=451580"
    }
  ]
}

CERTFR-2023-AVI-0671
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a security issue not specified by the vendor, remote arbitrary code execution, and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions prior to 3.9.23
Moodle Moodle Moodle versions 3.11.x prior to 3.11.16
Moodle Moodle Moodle versions 4.0.x prior to 4.0.10
Moodle Moodle Moodle versions 4.1.x prior to 4.1.5
Moodle Moodle Moodle versions 4.2.x prior to 4.2.2



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 3.9.23",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.16",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.10",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.2",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-40324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40324"
    },
    {
      "name": "CVE-2023-40323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40323"
    },
    {
      "name": "CVE-2023-40319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40319"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2021-41182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
    },
    {
      "name": "CVE-2023-40318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40318"
    },
    {
      "name": "CVE-2023-40320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40320"
    },
    {
      "name": "CVE-2023-40322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40322"
    },
    {
      "name": "CVE-2023-40316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40316"
    },
    {
      "name": "CVE-2023-40321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40321"
    },
    {
      "name": "CVE-2021-41184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
    },
    {
      "name": "CVE-2021-41183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
    },
    {
      "name": "CVE-2022-39369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39369"
    },
    {
      "name": "CVE-2023-40325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40325"
    },
    {
      "name": "CVE-2023-40317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40317"
    }
  ],
  "initial_release_date": "2023-08-21T00:00:00",
  "last_revision_date": "2023-08-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0671",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0020 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449641"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0026 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449647"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0025 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449646"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0024 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449645"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0030 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449651"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0028 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449649"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0029 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449650"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0023 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449644"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0021 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449642"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0022 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449643"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0027 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449648"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0019 du 21 ao\u00fbt 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=449640"
    }
  ]
}

CERTFR-2023-AVI-0476
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause remote indirect code injection (XSS), remote arbitrary code execution and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.9.x prior to 3.9.22
Moodle Moodle Moodle versions 3.11.x prior to 3.11.15
Moodle Moodle Moodle versions 4.1.x prior to 4.1.4
Moodle Moodle Moodle versions 4.0.x prior to 4.0.9
Moodle Moodle Moodle versions 4.2.x prior to 4.2.1



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.22",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.15",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.4",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.9",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-35132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35132"
    },
    {
      "name": "CVE-2023-35131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35131"
    },
    {
      "name": "CVE-2023-35133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35133"
    }
  ],
  "initial_release_date": "2023-06-19T00:00:00",
  "last_revision_date": "2023-06-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0476",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS), une\nex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0017 du 19 juin 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=447830"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0018 du 19 juin 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=447831"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0016 du 19 juin 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=447829"
    }
  ]
}

CERTFR-2023-AVI-0352
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause remote arbitrary code execution and a data integrity compromise.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 4.0.x prior to 4.0.8
Moodle Moodle Moodle versions 3.11.x prior to 3.11.14
Moodle Moodle Moodle versions 3.9.x prior to 3.9.21
Moodle Moodle Moodle versions 4.1.x prior to 4.1.3


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.8",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.14",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.21",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-30943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30943"
    },
    {
      "name": "CVE-2023-30944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30944"
    }
  ],
  "initial_release_date": "2023-05-03T00:00:00",
  "last_revision_date": "2023-05-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0352",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0014 du 01 mai 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=446285"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0015 du 01 mai 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=446286"
    }
  ]
}

CERTFR-2023-AVI-0246
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Moodle. They allow an attacker to cause remote indirect code injection (XSS), cross-site request forgery (CSRF), a security policy bypass and remote arbitrary code execution.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 4.1.x prior to 4.1.2
Moodle Moodle Moodle versions 4.0.x prior to 4.0.7
Moodle Moodle Moodle versions 3.9.x prior to 3.9.20
Moodle Moodle Moodle versions 3.11.x prior to 3.11.13



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.2",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.7",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.20",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.13",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-28331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28331"
    },
    {
      "name": "CVE-2023-28333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28333"
    },
    {
      "name": "CVE-2022-23494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23494"
    },
    {
      "name": "CVE-2023-28330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28330"
    },
    {
      "name": "CVE-2023-28334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28334"
    },
    {
      "name": "CVE-2023-1402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1402"
    },
    {
      "name": "CVE-2023-28329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28329"
    },
    {
      "name": "CVE-2023-28332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28332"
    },
    {
      "name": "CVE-2023-28335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28335"
    },
    {
      "name": "CVE-2023-28336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28336"
    }
  ],
  "initial_release_date": "2023-03-21T00:00:00",
  "last_revision_date": "2023-03-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle\u00a0MSA-23-0005 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445062"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle\u00a0MSA-23-0007 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445064"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle\u00a0MSA-23-0006 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445063"
    }
  ],
  "reference": "CERTFR-2023-AVI-0246",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS), une\ninjection de requ\u00eates ill\u00e9gitimes par rebond (CSRF), un contournement de\nla politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0004 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445061"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0009 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445066"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0011 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445068"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0005 du 20 mars 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0012 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445069"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0006 du 20 mars 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0008 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445065"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0013 du 21 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445070"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0007 du 20 mars 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0010 du 20 mars 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=445067"
    }
  ]
}

CERTFR-2023-AVI-0054
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a security issue not specified by the vendor, a data integrity compromise and remote indirect code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.11.x prior to 3.11.12
Moodle Moodle Moodle versions 4.1.x prior to 4.1.1
Moodle Moodle Moodle versions 3.9.x prior to 3.9.19
Moodle Moodle Moodle versions 4.0.x prior to 4.0.6



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.12",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.1",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.19",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.6",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2023-01-24T00:00:00",
  "last_revision_date": "2023-01-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0054",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0003 du 24 janvier 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=443274"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0002 du 24 janvier 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=443273"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-23-0001 du 24 janvier 2023",
      "url": "https://moodle.org/mod/forum/discuss.php?d=443272"
    }
  ]
}

CERTFR-2022-AVI-1046
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause remote arbitrary code execution and remote indirect code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.11.x prior to 3.11.11
Moodle Moodle Moodle versions prior to 3.9.18
Moodle Moodle Moodle versions 4.0.x prior to 4.0.5



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.11",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 3.9.18",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-45150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45150"
    },
    {
      "name": "CVE-2022-45152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45152"
    },
    {
      "name": "CVE-2021-23414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23414"
    },
    {
      "name": "CVE-2022-45149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45149"
    },
    {
      "name": "CVE-2022-45151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45151"
    }
  ],
  "initial_release_date": "2022-11-22T00:00:00",
  "last_revision_date": "2022-11-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-1046",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0030 du 21 novembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=440770"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0028 du 21 novembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=440767"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0031 du 21 novembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=440771"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0029 du 21 novembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=440769"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0032 du 21 novembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=440772"
    }
  ]
}

CERTFR-2022-AVI-861
Vulnerability from certfr_avis

A vulnerability has been discovered in Moodle. It allows an attacker to cause a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.9.x prior to 3.9.16
Moodle Moodle Moodle versions 4.0.x prior to 4.0.3
Moodle Moodle Moodle versions 3.11.x prior to 3.11.9


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.16",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.9",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-40208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40208"
    }
  ],
  "initial_release_date": "2022-09-28T00:00:00",
  "last_revision_date": "2022-09-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-861",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Moodle. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0027 du 27 septembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=438761"
    }
  ]
}

CERTFR-2022-AVI-837
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause remote arbitrary code execution, a data confidentiality breach and remote indirect code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.9.x prior to 3.9.17
Moodle Moodle Moodle versions 3.11.x prior to 3.11.10
Moodle Moodle Moodle versions 4.0.x prior to 4.0.4



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.17",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.10",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.0.x ant\u00e9rieures \u00e0 4.0.4",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-40316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40316"
    },
    {
      "name": "CVE-2022-40313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40313"
    },
    {
      "name": "CVE-2022-40315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40315"
    },
    {
      "name": "CVE-2022-40314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40314"
    }
  ],
  "initial_release_date": "2022-09-20T00:00:00",
  "last_revision_date": "2022-09-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-837",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 438392 du 19 septembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=438392"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 438394 du 19 septembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=438394"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 438393 du 19 septembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=438393"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 438395 du 19 septembre 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=438395"
    }
  ]
}

CERTFR-2022-AVI-776
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a security issue not specified by the vendor and cross-site request forgery (CSRF).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.x prior to 3.11.9
Moodle Moodle Moodle versions 4.x prior to 4.0.3


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.x ant\u00e9rieures \u00e0 3.11.9",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 4.x ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0323"
    },
    {
      "name": "CVE-2022-2986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2986"
    }
  ],
  "initial_release_date": "2022-08-29T00:00:00",
  "last_revision_date": "2022-08-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-776",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une injection de requ\u00eates ill\u00e9gitimes par\nrebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 437684 du 29 ao\u00fbt 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=437684"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 437685 du 29 ao\u00fbt 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=437685"
    }
  ]
}

CERTFR-2022-AVI-653
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause arbitrary code execution, a breach of data confidentiality and cross-site scripting (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle 3.11.x versions prior to 3.11.8
Moodle Moodle Moodle versions prior to 3.9.15
Moodle Moodle Moodle 4.0.x versions prior to 4.0.2



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle 3.11.x versions ant\u00e9rieures \u00e0 3.11.8",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 3.9.15",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle 4.0.x versions ant\u00e9rieures \u00e0 4.0.2",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35652"
    },
    {
      "name": "CVE-2022-35651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35651"
    },
    {
      "name": "CVE-2022-35649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35649"
    },
    {
      "name": "CVE-2022-35653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35653"
    },
    {
      "name": "CVE-2022-35650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35650"
    }
  ],
  "initial_release_date": "2022-07-18T00:00:00",
  "last_revision_date": "2022-07-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-653",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0018 du 18 juillet 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=436459"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0020 du 18 juillet 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=436461"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0017 du 18 juillet 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=436458"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0015 du 18 juillet 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=436456"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0019 du 18 juillet 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=436460"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-22-0016 du 18 juillet 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=436457"
    }
  ]
}

CERTFR-2022-AVI-260
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of data integrity.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.10.x prior to 3.10.10
Moodle Moodle Moodle versions 3.9.x prior to 3.9.13
Moodle Moodle Moodle versions 3.11.x prior to 3.11.6



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.10.x ant\u00e9rieures \u00e0 3.10.10",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.13",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.6",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0984"
    },
    {
      "name": "CVE-2022-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0985"
    }
  ],
  "initial_release_date": "2022-03-21T00:00:00",
  "last_revision_date": "2022-03-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-260",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 432948 du 21 mars 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=432948"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 432947 du 21 mars 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=432947"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 432950 du 21 mars 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=432950"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 432951 du 21 mars 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=432951"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 432949 du 21 mars 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=432949"
    }
  ]
}

CERTFR-2022-AVI-076
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality and cross-site request forgery (CSRF).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.11.x prior to 3.11.5
Moodle Moodle Moodle versions 3.9.x prior to 3.9.12
Moodle Moodle Moodle versions 3.10.x prior to 3.10.9



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.12",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.10.x ant\u00e9rieures \u00e0 3.10.9",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-0332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0332"
    },
    {
      "name": "CVE-2022-0335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0335"
    },
    {
      "name": "CVE-2022-0334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0334"
    },
    {
      "name": "CVE-2022-0333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0333"
    }
  ],
  "initial_release_date": "2022-01-24T00:00:00",
  "last_revision_date": "2022-01-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-076",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 431103 du 24 janvier 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=431103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 431100 du 24 janvier 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=431100"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 431102 du 24 janvier 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=431102"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 431099 du 24 janvier 2022",
      "url": "https://moodle.org/mod/forum/discuss.php?d=431099"
    }
  ]
}

CERTFR-2021-AVI-718
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a security policy bypass, a breach of data confidentiality and privilege escalation.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.11.x prior to 3.11.3
Moodle Moodle Moodle versions 3.10.x prior to 3.10.7
Moodle Moodle Moodle versions 3.9.x prior to 3.9.10



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.3",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.10.x ant\u00e9rieures \u00e0 3.10.7",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.10",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-40694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40694"
    },
    {
      "name": "CVE-2021-40692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40692"
    },
    {
      "name": "CVE-2021-40695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40695"
    },
    {
      "name": "CVE-2021-40693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40693"
    },
    {
      "name": "CVE-2021-40691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40691"
    }
  ],
  "initial_release_date": "2021-09-20T00:00:00",
  "last_revision_date": "2021-09-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-718",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0032 du 20 septembre 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=427103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0033 du 20 septembre 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=427104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0035 du 20 septembre 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=427106"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0034 du 20 septembre 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=427105"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0036 du 20 septembre 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=427107"
    }
  ]
}

CERTFR-2021-AVI-544
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause arbitrary code execution, a denial of service and a breach of data integrity.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.10.x prior to 3.10.5
Moodle Moodle Moodle versions 3.11.x prior to 3.11.1
Moodle Moodle Moodle versions 3.9.x prior to 3.9.8



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.10.x ant\u00e9rieures \u00e0 3.10.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.11.x ant\u00e9rieures \u00e0 3.11.1",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.8",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-36398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36398"
    },
    {
      "name": "CVE-2021-36395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36395"
    },
    {
      "name": "CVE-2021-36393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36393"
    },
    {
      "name": "CVE-2021-36400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36400"
    },
    {
      "name": "CVE-2021-36397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36397"
    },
    {
      "name": "CVE-2021-36402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36402"
    },
    {
      "name": "CVE-2021-36401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36401"
    },
    {
      "name": "CVE-2021-36396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36396"
    },
    {
      "name": "CVE-2021-36399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36399"
    },
    {
      "name": "CVE-2021-36394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36394"
    },
    {
      "name": "CVE-2021-36403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36403"
    }
  ],
  "initial_release_date": "2021-07-20T00:00:00",
  "last_revision_date": "2021-07-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-544",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424799 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424799"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424798 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424798"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424809 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424809"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424803 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424803"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424806 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424806"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424807 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424807"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424808 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424808"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424801 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424801"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424804 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424804"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424802 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424802"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle 424805 du 19 juillet 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=424805"
    }
  ]
}

CERTFR-2021-AVI-386
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a security issue not specified by the vendor, a denial of service and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.8.x prior to 3.8.9
Moodle Moodle Moodle versions 3.9.x prior to 3.9.7
Moodle Moodle Moodle versions 3.10.x prior to 3.10.4
Moodle Moodle Moodle versions 3.5.x prior to 3.5.18



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.8.x ant\u00e9rieures \u00e0 3.8.9",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.7",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.10.x ant\u00e9rieures \u00e0 3.10.4",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.5.x ant\u00e9rieures \u00e0 3.5.18",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-32472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32472"
    },
    {
      "name": "CVE-2021-32476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32476"
    },
    {
      "name": "CVE-2021-32478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32478"
    },
    {
      "name": "CVE-2021-32474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32474"
    },
    {
      "name": "CVE-2021-32473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32473"
    },
    {
      "name": "CVE-2021-32475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32475"
    },
    {
      "name": "CVE-2021-32477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32477"
    }
  ],
  "initial_release_date": "2021-05-17T00:00:00",
  "last_revision_date": "2021-05-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-386",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0017 du 17 mai 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=422313"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0016 du 17 mai 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=422310"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0018 du 17 mai 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=422314"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0012 du 17 mai 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=422305"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0014 du 17 mai 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=422308"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0015 du 17 mai 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=422309"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0013 du 17 mai 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=422307"
    }
  ]
}

CERTFR-2021-AVI-196
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause a security issue not specified by the vendor, a security policy bypass and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle versions 3.8.x prior to 3.8.8
Moodle Moodle Moodle versions 3.9.x prior to 3.9.5
Moodle Moodle Moodle versions prior to 3.5.17
Moodle Moodle Moodle versions 3.10.x prior to 3.10.2



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.8.x ant\u00e9rieures \u00e0 3.8.8",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions ant\u00e9rieures \u00e0 3.5.17",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.10.x ant\u00e9rieures \u00e0 3.10.2",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20279"
    },
    {
      "name": "CVE-2021-20283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20283"
    },
    {
      "name": "CVE-2021-20281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20281"
    },
    {
      "name": "CVE-2021-20280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20280"
    },
    {
      "name": "CVE-2021-20282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20282"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "initial_release_date": "2021-03-15T00:00:00",
  "last_revision_date": "2021-03-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-196",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0007 du 15 mars 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=419651"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0011 du 15 mars 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=419655"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0008 du 15 mars 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=419652"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0010 du 15 mars 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=419654"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0006 du 15 mars 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=419650"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0009 du 15 mars 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=419653"
    }
  ]
}

CERTFR-2021-AVI-057
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. Some of them allow an attacker to cause arbitrary code execution, a remote denial of service, and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle 3.8.x versions earlier than 3.8.7
Moodle Moodle Moodle 3.10.x versions earlier than 3.10.1
Moodle Moodle Moodle 3.5.x versions earlier than 3.5.16
Moodle Moodle Moodle 3.9.x versions earlier than 3.9.4



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.8.x ant\u00e9rieures \u00e0 3.8.7",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.10.x ant\u00e9rieures \u00e0 3.10.1",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.5.x ant\u00e9rieures \u00e0 3.5.16",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.4",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-20186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20186"
    },
    {
      "name": "CVE-2021-20184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20184"
    },
    {
      "name": "CVE-2021-20185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20185"
    },
    {
      "name": "CVE-2021-20187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20187"
    },
    {
      "name": "CVE-2021-20183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20183"
    }
  ],
  "initial_release_date": "2021-01-26T00:00:00",
  "last_revision_date": "2021-01-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-057",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0005 du 25 janvier 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=417171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0003 du 25 janvier 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=417168"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0001 du 25 janvier 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=417166"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0004 du 25 janvier 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=417170"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-21-0002 du 25 janvier 2021",
      "url": "https://moodle.org/mod/forum/discuss.php?d=417167"
    }
  ]
}

CERTFR-2020-AVI-751
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a security policy bypass, a privilege escalation, and an indirect remote code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle 3.7.x versions earlier than 3.7.8
Moodle Moodle Moodle 3.9.x versions earlier than 3.9.2
Moodle Moodle Moodle 3.8.x versions earlier than 3.8.5



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle versions 3.7.x ant\u00e9rieures \u00e0 3.7.8",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.9.x ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle versions 3.8.x ant\u00e9rieures \u00e0 3.8.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-25699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25699"
    },
    {
      "name": "CVE-2020-25700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25700"
    },
    {
      "name": "CVE-2020-25702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25702"
    },
    {
      "name": "CVE-2020-25701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25701"
    },
    {
      "name": "CVE-2020-25703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25703"
    },
    {
      "name": "CVE-2020-25698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25698"
    }
  ],
  "initial_release_date": "2020-11-16T00:00:00",
  "last_revision_date": "2020-11-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-751",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-20-0017 du 16 novembre 2020",
      "url": "https://moodle.org/mod/forum/discuss.php?d=413936"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-20-0021 du 16 novembre 2020",
      "url": "https://moodle.org/mod/forum/discuss.php?d=413941"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-20-0018 du 16 novembre 2020",
      "url": "https://moodle.org/mod/forum/discuss.php?d=413938"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-20-0019 du 16 novembre 2020",
      "url": "https://moodle.org/mod/forum/discuss.php?d=413939"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-20-0016 du 16 novembre 2020",
      "url": "https://moodle.org/mod/forum/discuss.php?d=413935"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-20-0020 du 16 novembre 2020",
      "url": "https://moodle.org/mod/forum/discuss.php?d=413940"
    }
  ]
}

CERTFR-2020-AVI-584
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a denial of service, a security policy bypass, and an indirect remote code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Moodle Moodle Moodle 3.9 versions earlier than 3.9.2
Moodle Moodle Moodle 3.8 versions earlier than 3.8.5
Moodle Moodle Moodle 3.7 versions earlier than 3.7.8



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moodle 3.9 versions ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle 3.8 versions ant\u00e9rieures \u00e0 3.8.5",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "Moodle 3.7 versions ant\u00e9rieures \u00e0 3.7.8",
      "product": {
        "name": "Moodle",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-25628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25628"
    },
    {
      "name": "CVE-2020-25631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25631"
    },
    {
      "name": "CVE-2020-25630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25630"
    },
    {
      "name": "CVE-2020-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25629"
    },
    {
      "name": "CVE-2020-25627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25627"
    }
  ],
  "initial_release_date": "2020-09-21T00:00:00",
  "last_revision_date": "2020-09-21T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2020-25630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25630"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2020-25627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25627"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2020-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25629"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2020-25631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25631"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2020-25628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25628"
    }
  ],
  "reference": "CERTFR-2020-AVI-584",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, un\ncontournement de la politique de s\u00e9curit\u00e9 et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": []
}