Описание
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
Ссылки
- Patch
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Patch
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.0:beta:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00126
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
ubuntu
около 8 лет назад
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
CVSS3: 8.8
debian
около 8 лет назад
Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...
CVSS3: 8.8
github
около 3 лет назад
Moodle Cross-site request forgery (CSRF) vulnerability
EPSS
Процентиль: 33%
0.00126
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352