Lucene search
GitHub Advisory DatabaseGHSA-XJR3-FWP9-9G96HistoryOct 06, 2022 - 6:52 p.m.
Moodle Cross-Site Request Forgery (CSRF)
2022-10-0618:52:03
CWE-352
GitHub Advisory Database
github.com
6
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
31.9%
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
Affected configurations
Node
moodlemoodleRange<4.0.3
ORmoodlemoodleRange<3.11.9
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 4.0.3 | |
| moodle/moodle | lt | 3.11.9 |
Related
ubuntucve
ubuntucve
CVE-2022-2986
2022-10-06 00:00:00
osv
osv
CVE-2022-2986
2022-10-06 18:16:00
Moodle Cross-Site Request Forgery (CSRF)
2022-10-06 18:52:03
BIT-moodle-2022-2986
2024-03-06 11:05:00
openvas
openvas
Moodle 3.11.x < 3.11.9, 4.0.x < 4.0.3 CSRF Vulnerability
2023-10-31 00:00:00
cve
cve
CVE-2022-2986
2022-10-06 18:16:00
prion
prion
Cross site request forgery (csrf)
2022-10-06 18:16:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2022-10-11 14:59:24
cvelist
cvelist
CVE-2022-2986
2022-10-06 00:00:00
nvd
nvd
CVE-2022-2986
2022-10-06 18:16:00
nessus
nessus
Moodle 4.0.x < 4.0.3 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.9.x < 3.9.16 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.11.x < 3.11.9 Multiple Vulnerabilities
2023-02-20 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
31.9%
Related for GHSA-XJR3-FWP9-9G96