CVSS3: 5.4 Medium

Metric | Value
---|---
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | REQUIRED
Scope | UNCHANGED
Confidentiality Impact | LOW
Integrity Impact | LOW
Availability Impact | NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS2: 5.8 Medium

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | MEDIUM
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | PARTIAL
Availability Impact | NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.002 Low

Metric | Value
---|---
Percentile | 59.6%

moodle/moodle is vulnerable to cross-site request forgery (CSRF). The vulnerability exists due to improper validation of the HTTP request in the course redirection URL, which allows an attacker to gain access to sensitive information in the system.

CPE

Name | Operator | Version
---|---|---
moodle/moodle | le | v3.9.17
moodle/moodle | le | v4.0.4
moodle/moodle | le | v3.11.10

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862
bugzilla.redhat.com/show_bug.cgi?id=2142772
github.com/advisories/GHSA-8v23-w4w5-w83c
github.com/moodle/moodle/commit/2378fc0117b250c6a52bcae3527f5b6b49f2a105
github.com/moodle/moodle/commit/3fd54014aefeac9e4182f37a09bf039c00a990f7
github.com/moodle/moodle/commit/75c9e608ce2570bc40cb4df83f60f03261a4678d
github.com/moodle/moodle/commit/8aaede0e7d485188bdf1b5b1dbe7c7edb4b44705
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/
moodle.org/mod/forum/discuss.php?d=440769