Lucene search
RedhatCVE-2015-0218HistoryJun 01, 2015 - 7:59 p.m.
CVE-2015-0218
2015-06-0119:59:07
CWE-352
redhat
web.nvd.nist.gov
23
cve-2015-0218
csrf
vulnerability
authentication
moodle
shibboleth
logout
nvd
security
remote attackers
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
52.5%
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
Affected configurations
Node
moodlemoodleRange≤2.5.9
ORmoodlemoodleMatch2.5.0
ORmoodlemoodleMatch2.5.1
ORmoodlemoodleMatch2.5.2
ORmoodlemoodleMatch2.5.3
ORmoodlemoodleMatch2.5.4
ORmoodlemoodleMatch2.5.5
ORmoodlemoodleMatch2.5.6
ORmoodlemoodleMatch2.5.7
ORmoodlemoodleMatch2.5.8
ORmoodlemoodleMatch2.6.0
ORmoodlemoodleMatch2.6.1
ORmoodlemoodleMatch2.6.2
ORmoodlemoodleMatch2.6.3
ORmoodlemoodleMatch2.6.4
ORmoodlemoodleMatch2.6.5
ORmoodlemoodleMatch2.6.6
ORmoodlemoodleMatch2.7.0
ORmoodlemoodleMatch2.7.1
ORmoodlemoodleMatch2.7.2
ORmoodlemoodleMatch2.7.3
ORmoodlemoodleMatch2.8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moodle | moodle | * | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.0 | cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.1 | cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.2 | cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.3 | cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.4 | cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.5 | cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.6 | cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.7 | cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.8 | cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2015-06-01 19:59:00
ubuntucve
ubuntucve
CVE-2015-0218
2015-06-01 00:00:00
github
github
Moodle cross-site request forgery (CSRF) vulnerability
2022-05-13 01:12:43
osv
osv
Moodle cross-site request forgery (CSRF) vulnerability
2022-05-13 01:12:43
cvelist
cvelist
CVE-2015-0218
2015-06-01 19:00:00
veracode
veracode
Denial Of Service (DoS) Through Cross-site Request Forgery (CSRF)
2017-07-27 20:30:19
nvd
nvd
CVE-2015-0218
2015-06-01 19:59:07
mageia
mageia
Updated moodle package fixes security vulnerabilities
2015-01-20 17:57:33
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0032)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2015-1751
2015-02-15 00:00:00
nessus
nessus
Fedora 21 : moodle-2.7.5-1.fc21 (2015-1751)
2015-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: moodle-2.7.5-1.fc21
2015-02-15 03:24:22
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
52.5%
Related for CVE-2015-0218