Описание
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
Ссылки
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Vendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.10 (включая)Версия от 3.1.0 (включая) до 3.1.15 (исключая)Версия от 3.3.0 (включая) до 3.3.9 (исключая)Версия от 3.4.0 (включая) до 3.4.6 (исключая)Версия от 3.5.0 (включая) до 3.5.3 (исключая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01653
Низкий
6.5 Medium
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 6 лет назад
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
CVSS3: 6.5
debian
больше 6 лет назад
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to ...
EPSS
Процентиль: 81%
0.01653
Низкий
6.5 Medium
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352