{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211777",
"Version": "oval:org.altlinux.errata:def:20211777",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1777: package `moodle` update to version 3.10.4-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1777",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1777",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-02734",
"RefURL": "https://bdu.fstec.ru/vul/2021-02734",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02735",
"RefURL": "https://bdu.fstec.ru/vul/2021-02735",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02736",
"RefURL": "https://bdu.fstec.ru/vul/2021-02736",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02737",
"RefURL": "https://bdu.fstec.ru/vul/2021-02737",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02738",
"RefURL": "https://bdu.fstec.ru/vul/2021-02738",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02739",
"RefURL": "https://bdu.fstec.ru/vul/2021-02739",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02740",
"RefURL": "https://bdu.fstec.ru/vul/2021-02740",
"Source": "BDU"
},
{
"RefID": "CVE-2021-32244",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32244",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32472",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32472",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32473",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32473",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32474",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32474",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32475",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32475",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32476",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32476",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32477",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32477",
"Source": "CVE"
},
{
"RefID": "CVE-2021-32478",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-32478",
"Source": "CVE"
}
],
"Description": "This update upgrades moodle to version 3.10.4-alt1. \nSecurity Fix(es):\n\n * BDU:2021-02734: Уязвимость виртуальной обучающей среды Moodle, существующая из-за недостаточной очистки предоставленных пользователем данных в конечной точке авторизации LTI, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)\n\n * BDU:2021-02735: Уязвимость виртуальной обучающей среды Moodle, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации в формате CSV\n\n * BDU:2021-02736: Уязвимость виртуальной обучающей среды Moodle, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2021-02737: Уязвимость виртуальной обучающей среды Moodle, существующая из-за недостаточной очистки предоставленных пользователем данных в вызове XML-RPC, позволяющая нарушителю выполнять произвольные SQL-запросы\n\n * BDU:2021-02738: Уязвимость виртуальной обучающей среды Moodle, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный HTML-код и код сценария в браузере пользователя в контексте уязвимого веб-сайта\n\n * BDU:2021-02739: Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-02740: Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-32244: Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the \"Description\" field.\n\n * CVE-2021-32472: Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.\n\n * CVE-2021-32473: It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected\n\n * CVE-2021-32474: An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.\n\n * CVE-2021-32475: ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.\n\n * CVE-2021-32476: A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.\n\n * CVE-2021-32477: The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.\n\n * CVE-2021-32478: The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-05-10"
},
"Updated": {
"Date": "2021-05-10"
},
"BDUs": [
{
"ID": "BDU:2021-02734",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2021-02734",
"Impact": "Low",
"Public": "20210517"
},
{
"ID": "BDU:2021-02735",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-02735",
"Impact": "Low",
"Public": "20210517"
},
{
"ID": "BDU:2021-02736",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-20, CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-02736",
"Impact": "Low",
"Public": "20210517"
},
{
"ID": "BDU:2021-02737",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://bdu.fstec.ru/vul/2021-02737",
"Impact": "High",
"Public": "20210517"
},
{
"ID": "BDU:2021-02738",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2021-02738",
"Impact": "High",
"Public": "20210517"
},
{
"ID": "BDU:2021-02739",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2021-02739",
"Impact": "Low",
"Public": "20210517"
},
{
"ID": "BDU:2021-02740",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-02740",
"Impact": "High",
"Public": "20210517"
}
],
"CVEs": [
{
"ID": "CVE-2021-32244",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32244",
"Impact": "Low",
"Public": "20210616"
},
{
"ID": "CVE-2021-32472",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32472",
"Impact": "Low",
"Public": "20220311"
},
{
"ID": "CVE-2021-32473",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32473",
"Impact": "Low",
"Public": "20220311"
},
{
"ID": "CVE-2021-32474",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32474",
"Impact": "High",
"Public": "20220311"
},
{
"ID": "CVE-2021-32475",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32475",
"Impact": "Low",
"Public": "20220311"
},
{
"ID": "CVE-2021-32476",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-770",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32476",
"Impact": "High",
"Public": "20220311"
},
{
"ID": "CVE-2021-32477",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-862",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32477",
"Impact": "Low",
"Public": "20220311"
},
{
"ID": "CVE-2021-32478",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-32478",
"Impact": "Low",
"Public": "20220311"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211777001",
"Comment": "moodle is earlier than 0:3.10.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211777002",
"Comment": "moodle-apache2 is earlier than 0:3.10.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211777003",
"Comment": "moodle-base is earlier than 0:3.10.4-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211777004",
"Comment": "moodle-local-mysql is earlier than 0:3.10.4-alt1"
}
]
}
]
}
}
]
}