CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 6.3 Medium
Confidence: Low

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.009 Low
Percentile: 82.3%

A flaw was found in Moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.

CPE

Name | Operator | Version
---|---|---
moodle/moodle | lt | 3.5.3
moodle/moodle | lt | 3.4.6
moodle/moodle | lt | 3.3.9
moodle/moodle | lt | 3.1.15

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
www.securityfocus.com/bid/106017
www.securitytracker.com/id/1042154
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854
github.com/advisories/GHSA-xj5f-qv37-r9jc
moodle.org/mod/forum/discuss.php?d=378731
nvd.nist.gov/vuln/detail/CVE-2018-16854