Lucene search

K

Ubuntu.comUB:CVE-2014-0010

HistoryJan 20, 2014 - 12:00 a.m.

CVE-2014-0010

2014-01-2000:00:00

ubuntu.com

ubuntu.com

6

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

Multiple cross-site request forgery (CSRF) vulnerabilities in
user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x
before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote
attackers to hijack the authentication of administrators for requests that
delete (1) categories or (2) fields.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883

openwall.com/lists/oss-security/2014/01/20/1

launchpad.net/bugs/cve/CVE-2014-0010

moodle.org/mod/forum/discuss.php?d=252416

nvd.nist.gov/vuln/detail/CVE-2014-0010

security-tracker.debian.org/tracker/CVE-2014-0010

www.cve.org/CVERecord?id=CVE-2014-0010

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.3%

Related for UB:CVE-2014-0010

prion1 nvd1 cve1 cvelist1 veracode1 nessus4 mageia1 fedora2 openvas3