CVE-2018-16854

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-16854
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16854.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16854
Aliases
Downstream
Published
2018-11-26T17:29:00.330Z
Modified
2026-04-10T04:06:51.880916Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0bd0ee444a07818fc495c95697ea1ec1a6abeefb
Introduced
268abfacc54c4cbf9722c1502569b311c7caefff
Fixed
da70ec0cca362afc183ee4c3d00f08f4e99116ec
Introduced
b87a580aa3eb23d5f05d7f619fc40a89e0f86fe5
Fixed
5c5ee48bf6061ce8650445a02b62c124e6a9673e
Introduced
665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87
Fixed
d1e834866e37353bdd82bd8bb92fb26a39f39117
Introduced
46574904afd39578fa4146bf1fc5c401ac680aa6
Fixed
789dcd6975004dfaa2d4d3086267fb29cba84da8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.10"
        },
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.15"
        },
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.9"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.6"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.3"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.3.0
v2.*
v2.0.0
v2.0.0-rc1
v2.0.0-rc2
v2.0.1
v2.1.0
v2.2.0
v2.2.0-beta
v2.2.0-rc1
v2.3.0
v2.3.0-beta
v2.3.0-rc1
v2.4.0
v2.4.0-beta
v2.4.0-rc1
v2.5.0
v2.5.0-beta
v2.5.0-rc1
v2.6.0
v2.6.0-beta
v2.6.0-rc1
v2.7.0
v2.7.0-beta
v2.7.0-rc1
v2.7.0-rc2
v2.8.0
v2.8.0-beta
v2.8.0-rc1
v2.8.0-rc2
v2.9.0
v2.9.0-beta
v2.9.0-rc1
v2.9.0-rc2
v3.*
v3.0.0
v3.0.0-beta
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.0.1
v3.0.10
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.1.1
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.14
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.5.0
v3.5.1
v3.5.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16854.json"