{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"2.7 \u00e0 2.7.2","product":{"name":"N/A","vendor":{"name":"Moodle","scada":false}}},{"description":"2.5 \u00e0 2.5.8 et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Moodle","scada":false}}},{"description":"2.6 \u00e0 2.6.5","product":{"name":"N/A","vendor":{"name":"Moodle","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2014-7830","url":"https://www.cve.org/CVERecord?id=CVE-2014-7830"},{"name":"CVE-2014-7834","url":"https://www.cve.org/CVERecord?id=CVE-2014-7834"},{"name":"CVE-2014-7832","url":"https://www.cve.org/CVERecord?id=CVE-2014-7832"},{"name":"CVE-2014-7847","url":"https://www.cve.org/CVERecord?id=CVE-2014-7847"},{"name":"CVE-2014-7836","url":"https://www.cve.org/CVERecord?id=CVE-2014-7836"},{"name":"CVE-2014-7831","url":"https://www.cve.org/CVERecord?id=CVE-2014-7831"},{"name":"CVE-2014-7833","url":"https://www.cve.org/CVERecord?id=CVE-2014-7833"},{"name":"CVE-2014-7838","url":"https://www.cve.org/CVERecord?id=CVE-2014-7838"},{"name":"CVE-2014-7835","url":"https://www.cve.org/CVERecord?id=CVE-2014-7835"},{"name":"CVE-2014-7837","url":"https://www.cve.org/CVERecord?id=CVE-2014-7837"},{"name":"CVE-2014-7846","url":"https://www.cve.org/CVERecord?id=CVE-2014-7846"}],"links":[],"reference":"CERTFR-2014-AVI-485","revisions":[{"description":"version initiale.","revision_date":"2014-11-17T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Injection de code indirecte \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans <span\nclass=\"textit\">Moodle</span>. Certaines d'entre elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Moodle","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0045 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275161"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0036 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275147"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0040 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275155"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0043 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275159"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0042 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275158"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0047 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275163"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0038 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275153"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0049 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275165"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0046 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275162"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0039 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275154"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0048 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275164"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-14-0041 du 17 novembre 2014","url":"https://moodle.org/mod/forum/discuss.php?d=275157"}]}