Alert GCSA-22057 - Security update for Moodle
******************************************************************
alert ID: GCSA-22057
date: 19 May 2022
title: Security update for Moodle
******************************************************************
:: Problem description
New versions of the Moodle e-learning platform have been released,
fixing several security vulnerabilities.
MSA-22-0010: Stored XSS in assignment bulk marker allocation form via user ID number
MSA-22-0011: Description field hidden by user policies (hiddenuserfields) is still visible
MSA-22-0012: Global search results reveal authors of content unexpectedly for some activities
MSA-22-0013: SQL injection risk in badge award criteria
MSA-22-0014: Failed login attempts counted incorrectly
More information is available in the "References" section.
:: Affected software
Moodle versions prior to 3.9.14
Moodle versions prior to 3.10.11
Moodle versions prior to 3.11.7
Moodle versions prior to 4.0.1
Moodle versions prior to 3.9 are no longer supported.
:: Impact
Remote execution of arbitrary code (RCE)
Security feature bypass (SFB)
Cross-Site Scripting (XSS)
Information disclosure (ID)
:: Solutions
Upgrade to the latest versions
Moodle 3.9.14, 3.10.11, 3.11.7 and 4.0.1
https://moodle.org/mod/forum/discuss.php?d=434320
https://docs.moodle.org/400/en/Upgrading
https://download.moodle.org/releases/latest/
:: References
Moodle - Security announcements
https://moodle.org/security/
https://moodle.org/mod/forum/discuss.php?d=434578
https://moodle.org/mod/forum/discuss.php?d=434579
https://moodle.org/mod/forum/discuss.php?d=434580
https://moodle.org/mod/forum/discuss.php?d=434581
https://moodle.org/mod/forum/discuss.php?d=434582
Moodle 3.9.14 release notes
https://docs.moodle.org/dev/Moodle_3.9.14_release_notes
Moodle 3.10.11 release notes
https://docs.moodle.org/dev/Moodle_3.10.11_release_notes
Moodle 3.11.7 release notes
https://docs.moodle.org/dev/Moodle_3.11.7_release_notes
Moodle 4.0.1 release notes
https://docs.moodle.org/dev/Moodle_4.0.1_release_notes
Moodle Security
https://docs.moodle.org/400/en/Security
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30600
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert