{"id":"MGASA-2015-0032","summary":"Updated moodle package fixes security vulnerabilities","details":"Updated moodle package fixes security vulnerabilities:\n\nIn Moodle before 2.6.7, absence of a capability check in AJAX backend script\nin the LTI module could allow any enrolled user to search the list of\nregistered tools (CVE-2015-0211).\n\nIn Moodle before 2.6.7, the course summary on course request pending approval\npage was displayed to the manager unescaped and could be used for XSS attack\n(CVE-2015-0212).\n\nIn Moodle before 2.6.7, two files in the Glossary module lacked a session key\ncheck potentially allowing cross-site request forgery (CVE-2015-0213).\n\nIn Moodle before 2.6.7, through web-services it was possible to access\nmessaging-related functions such as people search even if messaging is\ndisabled on the site (CVE-2015-0214).\n\nIn Moodle before 2.6.7, through web-services it was possible to get\ninformation about calendar events which user did not have enough permissions\nto see (CVE-2015-0215).\n\nIn Moodle before 2.6.7, non-optimal regular expression in the multimedia\nfilter could be exploited to create extra server load or make particular page\nunavailable, resulting in a denial of service (CVE-2015-0217).\n\nIn Moodle before 2.6.7, it was possible to forge a request to logout users\neven when not authenticated through Shibboleth (CVE-2015-0218).\n","modified":"2026-04-16T06:23:43.540798891Z","published":"2015-01-20T14:57:33Z","upstream":["CVE-2015-0211","CVE-2015-0212","CVE-2015-0213","CVE-2015-0214","CVE-2015-0215","CVE-2015-0217","CVE-2015-0218"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0032.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15084"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=278611"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=278612"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=278613"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=278614"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=278615"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=278617"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=278618"},{"type":"WEB","url":"https://docs.moodle.org/dev/Moodle_2.6.7_release_notes"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=278176"}],"affected":[{"package":{"name":"moodle","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/moodle?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.7-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0032.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}