CVE-2022-0335

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0335
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0335.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0335
Aliases
Related
Published
2022-01-25T20:15:08Z
Modified
2025-02-19T03:26:32.835103Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events

Affected versions

v3.*

v3.9.0
v3.9.1
v3.9.10
v3.9.11
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9