GitHub Advisory DatabaseGHSA-HHQ7-JF2P-HW9CMoodle multiple cross-site request forgery (CSRF) vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
52.5%
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106
openwall.com/lists/oss-security/2015/01/19/1
github.com/advisories/GHSA-hhq7-jf2p-hw9c
github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90
github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6
github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea
moodle.org/mod/forum/discuss.php?d=278613
nvd.nist.gov/vuln/detail/CVE-2015-0213
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
52.5%