Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38220

HistoryNov 24, 2022 - 5:34 a.m.

Cross Site Request Forgery (CSRF)

2022-11-2405:34:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.6%

moodle/moodle is vulnerable to cross site request forgery. The vulnerability exists due to improper validation of HTTP request in the course redirection url which allows an attacker to gain access to sensitive information in the system.

CPENameOperatorVersion
moodle/moodlelev3.9.17
moodle/moodlelev4.0.4
moodle/moodlelev3.11.10
moodle/moodlelev3.9.17
moodle/moodlelev4.0.4
moodle/moodlelev3.11.10

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862

bugzilla.redhat.com/show_bug.cgi?id=2142772

github.com/advisories/GHSA-8v23-w4w5-w83c

github.com/moodle/moodle/commit/2378fc0117b250c6a52bcae3527f5b6b49f2a105

github.com/moodle/moodle/commit/3fd54014aefeac9e4182f37a09bf039c00a990f7

github.com/moodle/moodle/commit/75c9e608ce2570bc40cb4df83f60f03261a4678d

github.com/moodle/moodle/commit/8aaede0e7d485188bdf1b5b1dbe7c7edb4b44705

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/

lists.fedoraproject.org/archives/list/[email protected]/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/

lists.fedoraproject.org/archives/list/[email protected]/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/

lists.fedoraproject.org/archives/list/[email protected]/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/

moodle.org/mod/forum/discuss.php?d=440769

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.6%

Related for VERACODE:38220

github1 cvelist1 nvd1 osv3 ubuntucve1 cve1 prion1 cnvd1 openvas4 fedora3 nessus5 redos1