Описание
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.5.7 (исключая)Версия от 3.6.0 (включая) до 3.6.5 (исключая)Версия от 3.7.0 (включая) до 3.7.1 (исключая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00309
Низкий
6.5 Medium
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352
Связанные уязвимости
CVSS3: 8.8
ubuntu
почти 6 лет назад
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
CVSS3: 8.8
debian
почти 6 лет назад
A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sess ...
EPSS
Процентиль: 54%
0.00309
Низкий
6.5 Medium
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
CWE-352