GitHub Advisory DatabaseGHSA-HPMV-WVQ3-GJ27Moodle cross-site request forgery (CSRF) vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
33.4%
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
github.com/advisories/GHSA-hpmv-wvq3-gj27
github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea
github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94
github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443
github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686
moodle.org/mod/forum/discuss.php?d=323230
nvd.nist.gov/vuln/detail/CVE-2015-5335
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
33.4%