Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
References
- Issue Tracking, Third Party Advisory
- Vendor Advisory
- Issue Tracking, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version up to 3.8.9 (inclusive)
- Version from 3.9.0 (inclusive) up to 3.9.12 (exclusive)
- Version from 3.10.0 (inclusive) up to 3.10.9 (exclusive)
- Version from 3.11.0 (inclusive) up to 3.11.5 (exclusive)
One of
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
- Score: 0.00172 (Low)
- Percentile: 39%
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
- CWE-352
Related vulnerabilities
CVSS3: 8.8
ubuntu
more than 3 years ago
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
CVSS3: 8.8
debian
more than 3 years ago
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...