0.001 Low
EPSS
Percentile
31.9%
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The “delete badge alignment” functionality did not include the necessary token check to prevent a CSRF risk.
bugzilla.redhat.com/show_bug.cgi?id=2043666
github.com/moodle/moodle
github.com/moodle/moodle/commit/d40cc61eba229c6d1f47b9a525022fbc9136b9f6
moodle.org/mod/forum/discuss.php?d=431103
nvd.nist.gov/vuln/detail/CVE-2022-0335