MGASA-2014-0053
- Source
- https://advisories.mageia.org/MGASA-2014-0053.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0053.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2014-0053
- Upstream
- Published
- 2014-02-11T22:34:37Z
- Modified
- 2026-04-16T06:24:16.155352419Z
- Summary
- Updated moodle package fixes security vulnerabilities
- Details
-
Updated moodle package fixes security vulnerabilities:
In Moodle before 2.4.8, some password changes on admin pages were being recorded and shown to administrators in the config log report (CVE-2014-0008).
In Moodle before 2.4.8, users were able to log in as a user who in a is not in the same group without the permission to see all groups (CVE-2014-0009).
In Moodle 2.4.8, custom profile fields and categories were open to deletion without proper session checking, due to two Cross-site Request Forgery(CSRF) vulnerabilities in /user/profile/index.php (CVE-2014-0010).
- References
-
- https://advisories.mageia.org/MGASA-2014-0053.html
- https://bugs.mageia.org/show_bug.cgi?id=12385
- https://moodle.org/mod/forum/discuss.php?d=252414
- https://moodle.org/mod/forum/discuss.php?d=252415
- https://moodle.org/mod/forum/discuss.php?d=252416
- http://docs.moodle.org/dev/Moodle_2.4.8_release_notes
- https://moodle.org/mod/forum/discuss.php?d=251856
- https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / moodle
Package
- Name
- moodle
- Purl
- pkg:rpm/mageia/moodle?arch=source&distro=mageia-3
Mageia:4 / moodle
Package
- Name
- moodle
- Purl
- pkg:rpm/mageia/moodle?arch=source&distro=mageia-4