{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-085.pdf"
    },
    "title": "Multiple Vulnerabilities in Moodle",
    "serial_number": "2024-085",
    "publish_date": "21-08-2024 12:19:29",
    "description": "On August 19, 2024, Moodle released a security advisory addressing sixteen vulnerabilities of various severities.<br>\nIt is recommended to update as soon as possible.<br>\n",
    "url_title": "2024-085",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in\u00a0Moodle'\nnumber: '2024-085'\nversion: '1.0'\noriginal_date: 'August 19, 2024'\ndate: 'August 21, 2024'\n---\n\n_History:_\n\n* _21/08/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn August 19, 2024, Moodle released a security advisory addressing sixteen vulnerabilities of various severities [1,2].\n\nIt is recommended to update as soon as possible.\n\n# Technical Details\n\nMoodle has assigned a *Serious* severity or risk to several of these CVEs.\n\nThe vulnerability **CVE-2024-43440** is a Local File Inclusion (LFI) flaw triggered when restoring malformed block backups [3].\n\nThe vulnerability **CVE-2024-43439** is a flaw in unsanitised H5P error messages allowing for Reflected Cross-Site Scripting (XSS) [4].\n\nThe vulnerability **CVE-2024-43436** is an SQL injection flaw in the XMLDB editor tool available to site administrators [5].\n\nThe vulnerability **CVE-2024-43434** is a flaw in the bulk message sending feature for the feedback module's non-respondents report due to an incorrect CSRF token check, and possibly leading to Cross-Site Request Forgery (CSRF) [6].\n\nThe vulnerability **CVE-2024-43431** is an Insecure Direct Object Reference (IDOR) flaw that allows users to delete badges they do not have permission to access due to insufficient capability checks [7].\n\nThe vulnerability **CVE-2024-43428** is a cache poisoning flaw due to insufficient validation of local storage, allowing injection into the storage mechanism [8].\n\nThe vulnerability **CVE-2024-43426** is a serious arbitrary file read flaw due to insufficient sanitisation in the TeX notation filter, affecting sites where pdfTeX is available [9].\n\nThe vulnerability **CVE-2024-43425** is a remote code execution flaw through calculated question types [10].\n\n# Affected Products\n\nThe following Moodle versions are affected by the vulnerabilities:\n\n- 4.4 to 4.4.1;\n- 4.3 to 4.3.5;\n- 4.2 to 4.2.8;\n- 4.1 to 4.1.11;\n- Earlier unsupported versions.\n\n# Recommendations\n\nIt is recommended to update affected assets as soon as possible.\n\n# References\n\n[1] <https://moodle.org/security/index.php>\n\n[2] <https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0696/>\n\n[3] <https://moodle.org/mod/forum/discuss.php?d=461209#p1851881>\n\n[4] <https://moodle.org/mod/forum/discuss.php?d=461209#p1851881>\n\n[5] <https://moodle.org/mod/forum/discuss.php?d=461206#p1851878>\n\n[6] <https://moodle.org/mod/forum/discuss.php?d=461203#p1851874>\n\n[7] <https://moodle.org/mod/forum/discuss.php?d=461199#p1851870>\n\n[8] <https://moodle.org/mod/forum/discuss.php?d=461196#p1851867>\n\n[9] <https://moodle.org/mod/forum/discuss.php?d=461194#p1851864>\n\n[10] <https://moodle.org/mod/forum/discuss.php?d=461193#p1851861>\n\n\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>21/08/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On August 19, 2024, Moodle released a security advisory addressing sixteen vulnerabilities of various severities [1,2].</p><p>It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>Moodle has assigned a <em>Serious</em> severity or risk to several of these CVEs.</p><p>The vulnerability <strong>CVE-2024-43440</strong> is a Local File Inclusion (LFI) flaw triggered when restoring malformed block backups [3].</p><p>The vulnerability <strong>CVE-2024-43439</strong> is a flaw in unsanitised H5P error messages allowing for Reflected Cross-Site Scripting (XSS) [4].</p><p>The vulnerability <strong>CVE-2024-43436</strong> is an SQL injection flaw in the XMLDB editor tool available to site administrators [5].</p><p>The vulnerability <strong>CVE-2024-43434</strong> is a flaw in the bulk message sending feature for the feedback module's non-respondents report due to an incorrect CSRF token check, and possibly leading to Cross-Site Request Forgery (CSRF) [6].</p><p>The vulnerability <strong>CVE-2024-43431</strong> is an Insecure Direct Object Reference (IDOR) flaw that allows users to delete badges they do not have permission to access due to insufficient capability checks [7].</p><p>The vulnerability <strong>CVE-2024-43428</strong> is a cache poisoning flaw due to insufficient validation of local storage, allowing injection into the storage mechanism [8].</p><p>The vulnerability <strong>CVE-2024-43426</strong> is a serious arbitrary file read flaw due to insufficient sanitisation in the TeX notation filter, affecting sites where pdfTeX is available [9].</p><p>The vulnerability <strong>CVE-2024-43425</strong> is a remote code execution flaw through calculated question types [10].</p><h2 id=\"affected-products\">Affected Products</h2><p>The following Moodle versions are affected by the vulnerabilities:</p><ul><li>4.4 to 4.4.1;</li><li>4.3 to 4.3.5;</li><li>4.2 to 4.2.8;</li><li>4.1 to 4.1.11;</li><li>Earlier unsupported versions.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to update affected assets as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/security/index.php\">https://moodle.org/security/index.php</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0696/\">https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0696/</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/mod/forum/discuss.php?d=461209#p1851881\">https://moodle.org/mod/forum/discuss.php?d=461209#p1851881</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/mod/forum/discuss.php?d=461209#p1851881\">https://moodle.org/mod/forum/discuss.php?d=461209#p1851881</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/mod/forum/discuss.php?d=461206#p1851878\">https://moodle.org/mod/forum/discuss.php?d=461206#p1851878</a></p><p>[6] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/mod/forum/discuss.php?d=461203#p1851874\">https://moodle.org/mod/forum/discuss.php?d=461203#p1851874</a></p><p>[7] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/mod/forum/discuss.php?d=461199#p1851870\">https://moodle.org/mod/forum/discuss.php?d=461199#p1851870</a></p><p>[8] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/mod/forum/discuss.php?d=461196#p1851867\">https://moodle.org/mod/forum/discuss.php?d=461196#p1851867</a></p><p>[9] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/mod/forum/discuss.php?d=461194#p1851864\">https://moodle.org/mod/forum/discuss.php?d=461194#p1851864</a></p><p>[10] <a rel=\"noopener\" target=\"_blank\" href=\"https://moodle.org/mod/forum/discuss.php?d=461193#p1851861\">https://moodle.org/mod/forum/discuss.php?d=461193#p1851861</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}