{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>Moodle versions 4.1.x ant\u00e9rieures \u00e0 4.1.10</li> <li>Moodle versions 4.2.x ant\u00e9rieures \u00e0 4.2.7</li> <li>Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.4</li> </ul> <p>L'\u00e9diteur pr\u00e9cise que les versions ant\u00e9rieures \u00e0 4.1.x sont vuln\u00e9rables et ne b\u00e9n\u00e9ficieront pas de mises \u00e0 jour de s\u00e9curit\u00e9.</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2024-34005","url":"https://www.cve.org/CVERecord?id=CVE-2024-34005"},{"name":"CVE-2024-33999","url":"https://www.cve.org/CVERecord?id=CVE-2024-33999"},{"name":"CVE-2024-33998","url":"https://www.cve.org/CVERecord?id=CVE-2024-33998"},{"name":"CVE-2024-34009","url":"https://www.cve.org/CVERecord?id=CVE-2024-34009"},{"name":"CVE-2024-34002","url":"https://www.cve.org/CVERecord?id=CVE-2024-34002"},{"name":"CVE-2024-34004","url":"https://www.cve.org/CVERecord?id=CVE-2024-34004"},{"name":"CVE-2024-34007","url":"https://www.cve.org/CVERecord?id=CVE-2024-34007"},{"name":"CVE-2024-34006","url":"https://www.cve.org/CVERecord?id=CVE-2024-34006"},{"name":"CVE-2024-33997","url":"https://www.cve.org/CVERecord?id=CVE-2024-33997"},{"name":"CVE-2024-34008","url":"https://www.cve.org/CVERecord?id=CVE-2024-34008"},{"name":"CVE-2024-33996","url":"https://www.cve.org/CVERecord?id=CVE-2024-33996"},{"name":"CVE-2024-34000","url":"https://www.cve.org/CVERecord?id=CVE-2024-34000"},{"name":"CVE-2024-34003","url":"https://www.cve.org/CVERecord?id=CVE-2024-34003"},{"name":"CVE-2024-34001","url":"https://www.cve.org/CVERecord?id=CVE-2024-34001"}],"links":[],"reference":"CERTFR-2024-AVI-0388","revisions":[{"description":"Version initiale","revision_date":"2024-05-13T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS), une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF),\nun contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Moodle","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0010 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458387"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0020 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458398"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0009 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458386"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0011 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458388"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0018 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458396"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0015 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458393"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0008 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458385"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0013 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458390"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0014 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458391"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0012 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458389"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0019 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458397"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0007 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458384"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0016 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458394"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-24-0017 du 13 mai 2024","url":"https://moodle.org/mod/forum/discuss.php?d=458395"}]}