pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2022-2553/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

360 lines
18 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222553",
"Version": "oval:org.altlinux.errata:def:20222553",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2553: package `moodle` update to version 3.11.8-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2553",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2553",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-03176",
"RefURL": "https://bdu.fstec.ru/vul/2022-03176",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03179",
"RefURL": "https://bdu.fstec.ru/vul/2022-03179",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03182",
"RefURL": "https://bdu.fstec.ru/vul/2022-03182",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03183",
"RefURL": "https://bdu.fstec.ru/vul/2022-03183",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03231",
"RefURL": "https://bdu.fstec.ru/vul/2022-03231",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04906",
"RefURL": "https://bdu.fstec.ru/vul/2022-04906",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04907",
"RefURL": "https://bdu.fstec.ru/vul/2022-04907",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04908",
"RefURL": "https://bdu.fstec.ru/vul/2022-04908",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06403",
"RefURL": "https://bdu.fstec.ru/vul/2022-06403",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06405",
"RefURL": "https://bdu.fstec.ru/vul/2022-06405",
"Source": "BDU"
},
{
"RefID": "CVE-2022-30596",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30596",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30597",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30597",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30598",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30598",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30599",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30599",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30600",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30600",
"Source": "CVE"
},
{
"RefID": "CVE-2022-35649",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-35649",
"Source": "CVE"
},
{
"RefID": "CVE-2022-35650",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-35650",
"Source": "CVE"
},
{
"RefID": "CVE-2022-35651",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-35651",
"Source": "CVE"
},
{
"RefID": "CVE-2022-35652",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-35652",
"Source": "CVE"
},
{
"RefID": "CVE-2022-35653",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-35653",
"Source": "CVE"
}
],
"Description": "This update upgrades moodle to version 3.11.8-alt2. \nSecurity Fix(es):\n\n * BDU:2022-03176: Уязвимость виртуальной обучающей среды Moodle, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки\n\n * BDU:2022-03179: Уязвимость реализации конфигурации moodle/badges:configurecriteria виртуальной обучающей среды Moodle, позволяющая нарушителю выполнить произвольный SQL-код\n\n * BDU:2022-03182: Уязвимость реализации класса core_auth виртуальной обучающей среды Moodle, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2022-03183: Уязвимость реализации класса core_user виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-03231: Уязвимость реализации класса core_search виртуальной обучающей среды Moodle, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-04906: Уязвимость виртуальной обучающей среды moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код и раскрыть защищаемую информацию\n\n * BDU:2022-04907: Уязвимость реализации функции автоматического входа в систему с мобильных устройств виртуальной обучающей среды Moodle, позволяющая нарушителю провести фишинговую атаку и раскрыть защищаемую информацию\n\n * BDU:2022-04908: Уязвимость модуля LTI виртуальной обучающей среды Moodle, позволяющая нарушителю проводить фишинговые атаки или раскрыть защищаемую информацию\n\n * BDU:2022-06403: Уязвимость виртуальной обучающей среды Moodle, связанная с неправильной проверкой входных данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-06405: Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной проверкой входных данных, позволяющая нарушителю раскрыть защищаемую информацию\n\n * CVE-2022-30596: A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.\n\n * CVE-2022-30597: A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.\n\n * CVE-2022-30598: A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.\n\n * CVE-2022-30599: A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.\n\n * CVE-2022-30600: A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.\n\n * CVE-2022-35649: The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.\n\n * CVE-2022-35650: The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.\n\n * CVE-2022-35651: A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.\n\n * CVE-2022-35652: An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.\n\n * CVE-2022-35653: A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-09-02"
},
"Updated": {
"Date": "2022-09-02"
},
"BDUs": [
{
"ID": "BDU:2022-03176",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2022-03176",
"Impact": "Low",
"Public": "20220315"
},
{
"ID": "BDU:2022-03179",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://bdu.fstec.ru/vul/2022-03179",
"Impact": "Critical",
"Public": "20220331"
},
{
"ID": "BDU:2022-03182",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-307, CWE-682",
"Href": "https://bdu.fstec.ru/vul/2022-03182",
"Impact": "Critical",
"Public": "20220426"
},
{
"ID": "BDU:2022-03183",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200, CWE-264, CWE-472",
"Href": "https://bdu.fstec.ru/vul/2022-03183",
"Impact": "Low",
"Public": "20220324"
},
{
"ID": "BDU:2022-03231",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-200, CWE-264",
"Href": "https://bdu.fstec.ru/vul/2022-03231",
"Impact": "Low",
"Public": "20220421"
},
{
"ID": "BDU:2022-04906",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2022-04906",
"Impact": "High",
"Public": "20220718"
},
{
"ID": "BDU:2022-04907",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"CWE": "CWE-601",
"Href": "https://bdu.fstec.ru/vul/2022-04907",
"Impact": "Low",
"Public": "20220718"
},
{
"ID": "BDU:2022-04908",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://bdu.fstec.ru/vul/2022-04908",
"Impact": "Low",
"Public": "20220718"
},
{
"ID": "BDU:2022-06403",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20, CWE-94",
"Href": "https://bdu.fstec.ru/vul/2022-06403",
"Impact": "Critical",
"Public": "20220622"
},
{
"ID": "BDU:2022-06405",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-20, CWE-22",
"Href": "https://bdu.fstec.ru/vul/2022-06405",
"Impact": "High",
"Public": "20220725"
}
],
"CVEs": [
{
"ID": "CVE-2022-30596",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30596",
"Impact": "Low",
"Public": "20220518"
},
{
"ID": "CVE-2022-30597",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30597",
"Impact": "Low",
"Public": "20220518"
},
{
"ID": "CVE-2022-30598",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30598",
"Impact": "Low",
"Public": "20220518"
},
{
"ID": "CVE-2022-30599",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30599",
"Impact": "Critical",
"Public": "20220518"
},
{
"ID": "CVE-2022-30600",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-682",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30600",
"Impact": "Critical",
"Public": "20220518"
},
{
"ID": "CVE-2022-35649",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-35649",
"Impact": "Critical",
"Public": "20220725"
},
{
"ID": "CVE-2022-35650",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-35650",
"Impact": "High",
"Public": "20220725"
},
{
"ID": "CVE-2022-35651",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-35651",
"Impact": "Low",
"Public": "20220725"
},
{
"ID": "CVE-2022-35652",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-601",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-35652",
"Impact": "Low",
"Public": "20220725"
},
{
"ID": "CVE-2022-35653",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-35653",
"Impact": "Low",
"Public": "20220725"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222553001",
"Comment": "moodle is earlier than 0:3.11.8-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222553002",
"Comment": "moodle-apache2 is earlier than 0:3.11.8-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222553003",
"Comment": "moodle-base is earlier than 0:3.11.8-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222553004",
"Comment": "moodle-local-mysql is earlier than 0:3.11.8-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink