GitHub Advisory Database: GHSA-8G5H-GJWQ-W5CH
May 31, 2024 - 9:30 p.m.

Moodle Logout CSRF in admin/tool/mfa/auth.php

2024-05-31 21:30:55
CWE-352
GitHub Advisory Database
github.com
Tags: moodle, mfa, csrf, vulnerability

AI Score: 6.4 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.

Affected configurations

Vulners
Node: moodle moodle, Range: <4.3.4
CPE  Name  Operator  Version
moodle/moodle  lt  4.3.4
