GoogleOSV:GHSA-7PJP-FM93-P6PJCross-Site Request Forgery in moodle
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-54749
bugzilla.redhat.com/show_bug.cgi?id=2264098
github.com/moodle/moodle
github.com/moodle/moodle/commit/bac703c534d05d4502580fbe32447d5c777869bf
lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB
moodle.org/mod/forum/discuss.php?d=455638
nvd.nist.gov/vuln/detail/CVE-2024-25982
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
7.1 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%