moodle/moodle is vulnerable to Cross Site Request Forgery. The vulnerability is due to misuse of confirm_sesskey. An attacker can exploit this flaw to perform unauthorized actions on behalf of a legitimate user.
github.com/advisories/GHSA-356g-7x36-7m34
github.com/moodle/moodle/commit/c1aacb3e2884ea4dcc221c5ef2e449ce345f78ae
github.com/moodle/moodle/commit/da8e8cee6ffaf7c184eded97e1016f20c9de0561
github.com/moodle/moodle/commit/dc84fcfab06a4a0fe37797b8422e9fe3a1031c3e
github.com/moodle/moodle/commit/f2807dee5bc777d9c58b7a70cba6e4c21ee02ea1
lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
moodle.org/mod/forum/discuss.php?d=459501