{"id":"MGASA-2014-0053","summary":"Updated moodle package fixes security vulnerabilities","details":"Updated moodle package fixes security vulnerabilities:\n\nIn Moodle before 2.4.8, some password changes on admin pages were being\nrecorded and shown to administrators in the config log report\n(CVE-2014-0008).\n\nIn Moodle before 2.4.8, users were able to log in as a user who in a is\nnot in the same group without the permission to see all groups\n(CVE-2014-0009).\n\nIn Moodle 2.4.8, custom profile fields and categories were open to\ndeletion without proper session checking, due to two Cross-site Request\nForgery(CSRF) vulnerabilities in /user/profile/index.php (CVE-2014-0010).\n","modified":"2026-04-16T06:24:16.155352419Z","published":"2014-02-11T22:34:37Z","upstream":["CVE-2014-0008","CVE-2014-0009","CVE-2014-0010"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0053.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12385"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=252414"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=252415"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=252416"},{"type":"WEB","url":"http://docs.moodle.org/dev/Moodle_2.4.8_release_notes"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=251856"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html"}],"affected":[{"package":{"name":"moodle","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/moodle?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.8-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0053.json"}},{"package":{"name":"moodle","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/moodle?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.8-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0053.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}