Cross Site Request Forgery in Moodle

2022-01-2822:07:23

Google

osv.dev

0.001 Low

EPSS

Percentile

31.9%

JSON

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The “delete badge alignment” functionality did not include the necessary token check to prevent a CSRF risk.

CPENameOperatorVersion
moodle/moodleeq3.11.0
moodle/moodleeq3.10.6
moodle/moodleeq3.10.5
moodle/moodleeq3.9.0
moodle/moodleeq3.11.0-rc2
moodle/moodleeq3.9.10
moodle/moodleeq3.11.3
moodle/moodleeq3.11.4
moodle/moodleeq3.10.4
moodle/moodleeq3.9.9

Name	Operator	Version
moodle/moodle	eq	3.11.0
moodle/moodle	eq	3.10.6
moodle/moodle	eq	3.10.5
moodle/moodle	eq	3.9.0
moodle/moodle	eq	3.11.0-rc2
moodle/moodle	eq	3.9.10
moodle/moodle	eq	3.11.3
moodle/moodle	eq	3.11.4
moodle/moodle	eq	3.10.4
moodle/moodle	eq	3.9.9