Description
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-5338
- https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958
- https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485
- https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6
- https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107
- https://moodle.org/mod/forum/discuss.php?d=323233
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109
Packages
- moodle/moodle: affected < 2.7.11; fixed in 2.7.11
- moodle/moodle: affected >= 2.8.0, < 2.8.9; fixed in 2.8.9
- moodle/moodle: affected >= 2.9.0, < 2.9.3; fixed in 2.9.3
Related vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.
Multiple cross-site request forgery (CSRF) vulnerabilities in the less ...
Vulnerabilities in the Moodle learning management system that allow an attacker to gain access to the authentication data of arbitrary users