Lucene search

K

GoogleOSV:GHSA-R867-V437-4RRM

HistoryMay 13, 2022 - 1:12 a.m.

Moodle Cross-site request forgery (CSRF) vulnerability

2022-05-1301:12:38

Google

osv.dev

4

moodle

csrf

vulnerability

markposts.php

hijack authentication

forum posts

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

61.9%

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755

www.openwall.com/lists/oss-security/2016/05/17/4

bugzilla.redhat.com/show_bug.cgi?id=1335933

github.com/moodle/moodle

github.com/moodle/moodle/commit/01408d619ba89d32f9ad83308990ff9b0374cb57

github.com/moodle/moodle/commit/1f5c494f761ef7961c449075adf192e149148e1a

github.com/moodle/moodle/commit/7873e36f0cc0ccfd1424ff9302eb1ea9e4e74305

github.com/moodle/moodle/commit/d98c24659935c1bdff4b35ec0a85ab1a3ab05d9f

github.com/moodle/moodle/commit/e90e0ea5700ee9b016034b74ed7f41787109d1a2

nvd.nist.gov/vuln/detail/CVE-2016-3734

web.archive.org/web/20160703032310/www.securitytracker.com/id/1035902

web.archive.org/web/20160930194927/www.securityfocus.com/bid/91281

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

61.9%

Related for OSV:GHSA-R867-V437-4RRM

ubuntucve1 veracode1 cve1 prion1 cvelist1 osv1 nvd1 github1 fedora1 nessus2 openvas3 freebsd1