Veracode Vulnerability DatabaseVERACODE:38220Cross Site Request Forgery (CSRF)
0.002 Low
EPSS
Percentile
59.1%
moodle/moodle is vulnerable to cross site request forgery. The vulnerability exists due to improper validation of HTTP request in the course redirection url which allows an attacker to gain access to sensitive information in the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | v3.9.17 | |
| moodle/moodle | le | v4.0.4 | |
| moodle/moodle | le | v3.11.10 | |
| moodle/moodle | le | v3.9.17 | |
| moodle/moodle | le | v4.0.4 | |
| moodle/moodle | le | v3.11.10 |
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862
bugzilla.redhat.com/show_bug.cgi?id=2142772
github.com/advisories/GHSA-8v23-w4w5-w83c
github.com/moodle/moodle/commit/2378fc0117b250c6a52bcae3527f5b6b49f2a105
github.com/moodle/moodle/commit/3fd54014aefeac9e4182f37a09bf039c00a990f7
github.com/moodle/moodle/commit/75c9e608ce2570bc40cb4df83f60f03261a4678d
github.com/moodle/moodle/commit/8aaede0e7d485188bdf1b5b1dbe7c7edb4b44705
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/
lists.fedoraproject.org/archives/list/[email protected]/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/
lists.fedoraproject.org/archives/list/[email protected]/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/
lists.fedoraproject.org/archives/list/[email protected]/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/
moodle.org/mod/forum/discuss.php?d=440769
Related
