Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-53021

Опубликовано: 24 июн. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.2

Описание

A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the attacker's. Successful exploitation results in full account takeover. According to the Moodle Releases page, "Bug fixes for security issues in 3.11.x ended 11 December 2023." NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

РелизСтатусПримечание
devel

DNE

esm-apps/bionic

needs-triage

esm-apps/xenial

needs-triage

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

EPSS

Процентиль: 35%
0.00138
Низкий

4.2 Medium

CVSS3

Связанные уязвимости

CVSS3: 4.2
nvd
около 1 месяца назад

A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the attacker's. Successful exploitation results in full account takeover. According to the Moodle Releases page, "Bug fixes for security issues in 3.11.x ended 11 December 2023." NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS3: 4.2
debian
около 1 месяца назад

A session fixation vulnerability in Moodle 3.x through 3.11.18 allows ...

CVSS3: 4.2
github
около 1 месяца назад

Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter

EPSS

Процентиль: 35%
0.00138
Низкий

4.2 Medium

CVSS3