GitHub Advisory DatabaseGHSA-WPQ5-Q3MJ-8F3RMoodle multiple cross-site request forgery (CSRF) vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
52.7%
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
openwall.com/lists/oss-security/2014/11/17/11
github.com/advisories/GHSA-wpq5-q3mj-8f3r
github.com/moodle/moodle/commit/48ea41c48f3dcf28fb40fe0b0a1f0c4c0453d34d
github.com/moodle/moodle/commit/75d7e25198eeb6255963e2e46212d89b14e05dd7
github.com/moodle/moodle/commit/babaf596e10ee525e58314b36f8063c65b59aa7d
github.com/moodle/moodle/commit/bac38b11ab95862a831c6e6e60c03caf64eda599
moodle.org/mod/forum/discuss.php?d=275162
nvd.nist.gov/vuln/detail/CVE-2014-7836
web.archive.org/web/20150914064838/www.securitytracker.com/id/1031215
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
52.7%