GoogleOSV:GHSA-H75F-HJCR-CVH8Moodle multiple cross-site request forgery (CSRF) vulnerabilities
7.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
51.8%
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
openwall.com/lists/oss-security/2014/05/19/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/0cd720fe512d48c2af81fc054c042c9c63e8a234
github.com/moodle/moodle/commit/436ef91ceb3cedfbf7297cb9e09ef69c0b323d77
github.com/moodle/moodle/commit/a57eacc114ee8e5423102000c9954f66f03ffeb2
github.com/moodle/moodle/commit/f977d376c936ba09872884dc822463e76f6cfeb6
moodle.org/mod/forum/discuss.php?d=260361
nvd.nist.gov/vuln/detail/CVE-2014-0213
Related
7.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
51.8%