Lucene search

K

GoogleOSV:GHSA-HHQ7-JF2P-HW9C

HistoryMay 13, 2022 - 1:12 a.m.

Moodle multiple cross-site request forgery (CSRF) vulnerabilities

2022-05-1301:12:43

Google

osv.dev

2

moodle

csrf

vulnerabilities

glossary module

remote attackers

authentication

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

52.5%

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106

openwall.com/lists/oss-security/2015/01/19/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90

github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6

github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea

moodle.org/mod/forum/discuss.php?d=278613

nvd.nist.gov/vuln/detail/CVE-2015-0213

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

52.5%

Related for OSV:GHSA-HHQ7-JF2P-HW9C

cvelist1 ubuntucve1 veracode1 nvd1 github1 prion1 cve1 nessus2 mageia1 openvas2 fedora1