Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:4524
HistoryJul 04, 2017 - 9:10 a.m.

Cross-site Request Forgery (CSRF)

2017-07-0409:10:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.5%

Moodle is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible because it does not have enough session checking in enrol/imsenterprise/importnow.php during import of IMS Enterprise identities. This can allow a malicious user to hijack administrator’s authentication during an IMS Enterprise file import.

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.5%