Improvement suggestion for Moodle CMS version detection

FairFight · July 19, 2022, 2:45pm

“Moodle CMS Version Detection” OID: 1.3.6.1.4.1.25623.1.0.800239
The current VT is checking /admin/environment.xml - it expects the latest Moodle version to be the version listed in the bottom of the file.
This is however not the case anymore.

A better way to detect the version seems to check in /bin/upgrade.txt for the version number.

Below is example from Git v 3.11.6 of Moodle where environment.xml shows 4.0 and upgrade.txt shows the current version (3.11.6)

lib/upgrade.txt
admin/environment.xml

Would it be possible to correct the VT in the Greenbone feed to use lib/upgrade.txt as source for version detection instead?

ckuerste · July 21, 2022, 3:42am

Hi and welcome to the community!

Thanks a lot for reaching out and especially for the information provided. I’ve raised an internal ticket to get this checked/addressed.

Regards,
Christian

FairFight · August 16, 2022, 11:44am

Thank you, that sounds great!
Is there any news from the internal ticket?

ckuerste · August 17, 2022, 1:47am

We’re still investigating this issue. It’s still not completely sure how reliable the data in upgrade.txt is as it might be just updated when there were API changes but not on every Moodle update which could lead to a wrong detection again.