Bug 1242776 (CVE-2015-3272, CVE-2015-3273, CVE-2015-3274, CVE-2015-3275)

Summary: CVE-2015-3273 CVE-2015-3275 CVE-2015-3274 CVE-2015-3272 moodle: multiple flaws fixed in 2.9.1, 2.8.7, and 2.7.9
Product: [Other] Security Response Reporter: Martin Prpič <mprpic>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gwync
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: moodle 2.9.1, moodle 2.8.7, moodle 2.7.9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:42:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1242777, 1242778    
Bug Blocks:    

Description Martin Prpič 2015-07-14 07:39:42 UTC 
The following issues have been identified in Moodle:

==============================================================================
MSA-15-0026: Possible phishing when redirecting to external site using referer
header

Description:       Another case when redirecting to external site was possible
                   in error messages. See also MSA-15-0019 (CVE-2015-3175)
Issue summary:     PARAM_LOCALURL is vulnerable to open redirects
Severity/Risk:     Minor
Versions affected: 2.9, 2.8 to 2.8.6, 2.7 to 2.7.8 and earlier unsupported
                   versions
Versions fixed:    2.9.1, 2.8.7 and 2.7.9
Reported by:       Totara
Issue no.:         MDL-50688
CVE identifier:    CVE-2015-3272
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688

==============================================================================
MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not respected when
using 'Post a copy to all groups' in forum

Description:       Capability 'mod/forum:canposttomygroups' was not respected
                   when using 'Post a copy to all groups' in forum. Capability
                   to post to each individual group was always required.
Issue summary:     canposttomygroups capability is not checked in
                   mod/forum/post.php
Severity/Risk:     Minor
Versions affected: 2.9
Versions fixed:    2.9.1
Reported by:       Juan Leyva
Issue no.:         MDL-50220
CVE identifier:    CVE-2015-3273
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50220

==============================================================================
MSA-15-0028: Possible XSS through custom text profile fields in Web Services

Description:       Several web services returning user information did not
                   clean text in text custom profile fields
Issue summary:     Custom profile fields (textarea) are not passed through
                   external_format_text when returned by several web services
Severity/Risk:     Minor
Versions affected: 2.9, 2.8 to 2.8.6, 2.7 to 2.7.8 and earlier unsupported
                   versions
Versions fixed:    2.9.1, 2.8.7 and 2.7.9
Reported by:       Marina Glancy
Issue no.:         MDL-50130
CVE identifier:    CVE-2015-3274
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130

==============================================================================
MSA-15-0029: Javascript injection in SCORM module

Description:       Penetration test discovered possible Javascript injection
                   in SCORM module
Issue summary:     Inadequate JavaScript Handling in SCORM
Severity/Risk:     Minor
Versions affected: 2.9, 2.8 to 2.8.6, 2.7 to 2.7.8 and earlier unsupported
                   versions
Versions fixed:    2.9.1, 2.8.7 and 2.7.9
Reported by:       Martin Greenaway
Issue no.:         MDL-50614
CVE identifier:    CVE-2015-3275
Changes (master):
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614


Advisories are also available from:

https://moodle.org/security/
Comment 1 Martin Prpič 2015-07-14 07:40:38 UTC 
Created moodle tracking bugs for this issue:

Affects: fedora-all [bug 1242777]
Affects: epel-6 [bug 1242778]
Comment 2 Product Security DevOps Team 2019-06-08 02:42:09 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.