Lucene search

K

GoogleOSV:GHSA-HPMV-WVQ3-GJ27

HistoryMay 13, 2022 - 1:12 a.m.

Moodle cross-site request forgery (CSRF) vulnerability

2022-05-1301:12:47

Google

osv.dev

6

moodle

csrf

vulnerability

registration

administrators

statistics

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

33.4%

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091

github.com/moodle/moodle

github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea

github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94

github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443

github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686

moodle.org/mod/forum/discuss.php?d=323230

nvd.nist.gov/vuln/detail/CVE-2015-5335

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

33.4%

Related for OSV:GHSA-HPMV-WVQ3-GJ27

veracode1 cvelist1 ubuntucve1 prion1 github1 cve1 nvd1 nessus3 mageia1 openvas2 fedora2