moodle Info

moodle was added to epel7 repo on 2016-01-07
Page updated: 2024-04-20 21:14

Source NVR: moodle-3.1.18-1.el7 (2019-05-28)

Binary Packages

moodle moodle-3.1.18-1.el7

Bugs

1629951 NEW CVE-2018-14631 moodle: boost theme - blog search GET parameter insufficiently filtered (MSA-18-0019) [epel-all]
1692910 NEW CVE-2019-3849 moodle: Users could elevate their role when accessing the LTI tool on a provider site [epel-all]
1692918 NEW CVE-2019-3850 moodle: Stored HTML in assignment submission comments allowed links to be opened directly [epel-all]
1692931 NEW CVE-2019-3851 moodle: Secure layout contained an insecure link in Boost theme [epel-all]
1705496 NEW CVE-2019-11631 moodle: remote authenticated administrator allows to execute arbitrary PHP code [epel-all]
1735377 NEW CVE-2019-10188 moodle: Quiz group overrides did not observe groups membership or accessallgroups [epel-all]
1735379 NEW CVE-2019-10187 moodle: Ability to delete glossary entries that belong to another glossary [epel-all]
1735381 NEW CVE-2019-10186 moodle: missing sesskey (CSRF) token in loading/unloading xml files [epel-all]
1788386 NEW CVE-2019-14880 moodle: Add additional verification for some OAuth 2 logins to prevent account compromise [epel-all]
1788392 NEW CVE-2019-14881 moodle: Blind XSS reflected in some locations where user email is displayed [epel-all]
1788395 NEW CVE-2019-14882 moodle: Open redirect in Lesson edit page [epel-all]
1788398 NEW CVE-2019-14883 moodle: Email media URL tokens were not checking for user status [epel-all]
1788402 NEW CVE-2019-14884 moodle: reflected XSS possible from some fatal error messages [epel-all]
1788404 NEW CVE-2019-14879 moodle: Assigned Role in Cohort did not un-assign on removal [epel-all]
1801598 NEW CVE-2020-1692 moodle: users' web service tokens exposed to users in the same course [epel-all]
1837583 NEW CVE-2020-10738 moodle: remote code execution possible via SCORM packages (MSA-20-0006) [epel-all]
1899532 NEW CVE-2020-25698 moodle: Teacher is able to unenrol users without permission using course restore [epel-all]
1899536 NEW CVE-2020-25699 moodle: Privilege escalation within a course when restoring role overrides [epel-all]
1899538 NEW CVE-2020-25700 moodle: Some database module web services did not respect group settings [epel-all]
1899541 NEW CVE-2020-25701 moodle: tool_uploadcourse creates new enrol instances unexpectedly in some circumstances [epel-all]
1899543 NEW CVE-2020-25702 moodle: Stored XSS possible when renaming content bank items [epel-all]
1899545 NEW CVE-2020-25703 moodle: The participants table download feature did not respect the site's "show user identity" configuration [epel-all]
1927284 NEW CVE-2020-25628 moodle: filter in tag manager required extra sanitizing to prevent reflected XSS [epel-7]
1927285 NEW CVE-2020-25629 moodle: users with Log in as capability in a course context leads to privilege escalation [epel-7]
1927286 NEW CVE-2020-25630 moodle: decompressed size of zip files leads to denial of service [epel-7]
1927287 NEW CVE-2020-25631 moodle: XSS vulnerability [epel-7]
1939034 NEW CVE-2021-20279 moodle: Stored XSS via ID number user profile field [epel-all]
1939038 NEW CVE-2021-20280 moodle: Stored XSS and blind SSRF possible via feedback answer text [epel-all]
1939043 NEW CVE-2021-20281 moodle: User full name disclosure within online users block [epel-all]
1939048 NEW CVE-2021-20282 moodle: Bypass email verification secret when confirming account registration [epel-all]
1939052 NEW CVE-2021-20283 moodle: Fetching a user's enrolled courses via web services did not check profile access in each course [epel-all]
1941744 NEW CVE-2019-14828 moodle: course creation did not check the creator's role assignment capability before automatically assigning them as a teacher in the course [epel-all]
1941745 NEW CVE-2019-14829 moodle: Activity :addinstance capabilities were not respected when creating a course in single activity format [epel-all]
1941747 NEW CVE-2019-14830 moodle: open redirect in the mobile launch endpoint could be used to expose mobile access tokens [epel-all]
1941748 NEW CVE-2019-14831 moodle: forum subscribe link contained an open redirect if forced subscription mode was enabled [epel-all]
2023825 NEW CVE-2021-3943 moodle: remote code execution risk when restoring malformed backup file [epel-7]
2023827 NEW CVE-2021-43558 moodle: reflected XSS in filetype admin tool [epel-7]
2023829 NEW CVE-2021-43559 moodle: CSRF risk on delete related badge feature [epel-7]
2023831 NEW CVE-2021-43560 moodle: IDOR in a calendar web service allows fetching of other users' action events [epel-7]
2043413 NEW CVE-2021-40691 moodle: Session Hijack risk when Shibboleth authentication is enabled [epel-7]
2043416 NEW CVE-2021-40692 moodle: course participants download did not restrict which users could be exported [epel-7]
2043419 NEW CVE-2021-40693 moodle: authentication bypass risk when using external database [epel-7]
2043423 NEW CVE-2021-40694 moodle: arbitrary file read by site administrators via LaTeX preamble [epel-7]
2043426 NEW CVE-2021-40695 moodle: quiz unreleased grade disclosure via web service [epel-7]
2044470 NEW CVE-2022-0332 moodle: SQL injection risk in code fetching h5p activity user attempts [epel-7]
2044472 NEW CVE-2022-0333 moodle: calendar:manageentries capability allows CRUD access to all calendar events [epel-7]
2044474 NEW CVE-2022-0334 moodle: Capability gradereport/user:view not always respected when navigating to a user's course grade report [epel-7]
2044476 NEW CVE-2022-0335 moodle: CSRF risk in badge alignment deletion [epel-7]
2064121 NEW CVE-2022-0985 moodle: Users with moodle/site:uploadusers but without moodle/user:delete could delete users [epel-7]
2064122 NEW CVE-2022-0984 moodle: possible to reach the profile field badge criteria on a course page [epel-7]
2064124 NEW CVE-2022-0983 moodle: SQL injection risk in badges criteria code [epel-7]
2116696 NEW CVE-2020-1754 moodle: users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups [epel-7]
2116701 NEW CVE-2020-1691 moodle: cross-site scripting In Moodle 3.8 [epel-7]
2144704 NEW CVE-2021-23414 CVE-2022-45149 CVE-2022-45150 CVE-2022-45151 CVE-2022-45152 moodle: various flaws [epel-7]
2150757 NEW CVE-2022-40208 moodle: quiz sequential navigation bypass using web services [epel-7]
2160563 NEW CVE-2022-39183 moodle: SAML Auth plugin may allow Open Redirect through unspecified vectors. [epel-7]
2180073 NEW CVE-2023-28329 moodle: Authenticated SQL injection via availability check [epel-7]
2180077 NEW CVE-2023-28330 moodle: Authenticated arbitrary file read through malformed backup file [epel-7]
2180081 NEW CVE-2023-28331 moodle: XSS risk when outputting database activity filter data [epel-7]
2180083 NEW CVE-2023-28332 moodle: Algebra filter XSS when filter is misconfigured [epel-7]
2180085 NEW CVE-2023-28333 moodle: Pix helper potential Mustache code injection risk [epel-7]
2180088 NEW CVE-2023-28334 moodle: Users' name enumeration possible via IDOR on learning plans page [epel-7]
2180091 NEW CVE-2023-28335 moodle: CSRF risk in resetting all templates of a database activity [epel-7]
2180093 NEW CVE-2023-28336 moodle: Teacher can access names of users they do not have permission to access [epel-7]
2180099 NEW CVE-2023-1402 moodle: Course participation report shows roles the user should not see [epel-7]
2192466 NEW CVE-2023-30943 moodle: TinyMCE loaders susceptible to Arbitrary Folder Creation [epel-7]
2192471 NEW CVE-2023-30944 moodle: minor SQL injection risk in external Wiki method for listing pages [epel-7]
2207984 NEW CVE-2021-27131 moodle: stored xss [epel-7]
2216000 NEW CVE-2023-35131 moodle: XSS risk on groups page [epel-7]
2216002 NEW CVE-2023-35132 moodle: Minor SQL injection risk on Mnet SSO access control page [epel-7]
2216004 NEW CVE-2023-35133 moodle: SSRF risk due to insufficient check on the cURL blocked hosts [epel-7]
2236459 NEW CVE-2023-40316 CVE-2023-40317 CVE-2023-40318 CVE-2023-40319 CVE-2023-40320 CVE-2023-40321 CVE-2023-40322 CVE-2023-40323 CVE-2023-40324 CVE-2023-40325 moodle: various flaws [epel-7]
2244897 NEW CVE-2023-5539 moodle: Authenticated remote code execution risk in Lesson [epel-7]
2244898 NEW CVE-2023-5540 moodle: authenticated remote code execution risk in IMSCP [epel-7]
2244900 NEW CVE-2023-5541 moodle: XSS risk when using CSV grade import method [epel-7]
2244902 NEW CVE-2023-5542 moodle: Students can view other users in "Only see own membership" groups [epel-7]
2244904 NEW CVE-2023-5543 moodle: Duplicating a BigBlueButton activity assigns the same meeting ID [epel-7]
2244906 NEW CVE-2023-5544 moodle: Stored XSS and potential IDOR risk in Wiki comments [epel-7]
2244908 NEW CVE-2023-5545 moodle: Auto-populated H5P author name causes a potential information leak [epel-7]
2244910 NEW CVE-2023-5546 moodle: Stored XSS in quiz grading report via user ID number [epel-7]
2244915 NEW CVE-2023-5547 moodle: XSS risk when previewing data in course upload tool [epel-7]
2244917 NEW CVE-2023-5548 moodle: Cache poisoning risk with endpoint revision numbers [epel-7]
2244919 NEW CVE-2023-5549 moodle: Insufficient capability checks when updating the parent of a course category [epel-7]
2244921 NEW CVE-2023-5550 moodle: RCE due to LFI risk in some misconfigured shared hosting environments [epel-7]
2244951 NEW CVE-2023-5551 moodle: Forum summary report shows students from other groups when in Separate Groups mode [epel-7]

Install Failures