IT Security: Linux and Windows are vulnerable – IT security gap in Moodle with high risk! Alert receives an update

by admin

An update to the IT security alert for a known vulnerability has been issued for Moodle. You can read here how affected users should respond.

The Federal Office for Information Security (BSI) has published a report on a security gap with multiple vulnerabilities in Moodle that became known on May 12, 2024. The Linux and Windows operating systems and the Open Source Moodle product are affected by the security gap.

The latest manufacturer recommendations regarding updates, workarounds and security patches for this vulnerability can be found here: Moodle Security Advisory MSA-24-0020 (as of May 12, 2024). Further useful resources are listed later in this article.

Moodle – Risk: high

Risk level: 4 (high)
CVSS Base Score: 8.8
CVSS Temporal Score: 7.7
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various criteria in order to prioritize countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to describe the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores additionally take into account changes in the risk situation over time. The risk of the vulnerability discussed here is rated as “high” according to the CVSS, with a base score of 8.8.

Moodle Bug: Description of the attack

Moodle is a software package for creating and running online courses. It is a global project to develop software that supports the teaching and learning process.

A remote attacker can exploit multiple vulnerabilities in Moodle to execute arbitrary code, bypass ReCAPTCHA, disclose sensitive information, or carry out a Cross-Site Scripting (XSS) attack.

The vulnerabilities are tracked under the CVE (Common Vulnerabilities and Exposures) identifiers CVE-2024-33998, CVE-2024-34000, CVE-2024-34001, CVE-2024-34002, CVE-2024-34003, CVE-2024-34004, CVE-2024-34-60002, CVE-600205 2024-34007, CVE-2024-34008 and CVE-2024-34009.

Systems affected by the Moodle security vulnerabilities at a glance

Operating systems
Linux, Windows

Products
Open Source Moodle

General recommendations for dealing with IT security gaps

  1. Users of the affected applications should keep them up to date. When security gaps become known, manufacturers are required to fix them as quickly as possible by developing a patch or workaround. If security patches are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or tips on workarounds.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the specified sources to see whether a new security update is available.

Sources for updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Moodle Security Advisory MSA-24-0020 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0019 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0018 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0017 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0016 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0015 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0014 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0013 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0012 of 2024-05-12 (12.05.2024)
For more information, see:

Moodle Security Advisory MSA-24-0011 of 2024-05-12 (12.05.2024)
For more information, see:

Version history of this security alert

This is version 2 of this IT security notice for Moodle. If further updates are announced, this document will be updated. You can follow changes or additions in this version history.

May 12, 2024 – Initial version
02.06.2024 – CVE added

+++ Editorial note: This document is based on current BSI data and is updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
