CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
61.9%
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
www.openwall.com/lists/oss-security/2016/05/17/4
bugzilla.redhat.com/show_bug.cgi?id=1335933
github.com/advisories/GHSA-r867-v437-4rrm
github.com/moodle/moodle/commit/01408d619ba89d32f9ad83308990ff9b0374cb57
github.com/moodle/moodle/commit/1f5c494f761ef7961c449075adf192e149148e1a
github.com/moodle/moodle/commit/7873e36f0cc0ccfd1424ff9302eb1ea9e4e74305
github.com/moodle/moodle/commit/d98c24659935c1bdff4b35ec0a85ab1a3ab05d9f
github.com/moodle/moodle/commit/e90e0ea5700ee9b016034b74ed7f41787109d1a2
nvd.nist.gov/vuln/detail/CVE-2016-3734
web.archive.org/web/20160703032310/www.securitytracker.com/id/1035902
web.archive.org/web/20160930194927/www.securityfocus.com/bid/91281
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
61.9%