GHSA-3jrj-x6cj-97cp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3jrj-x6cj-97cp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3jrj-x6cj-97cp/GHSA-3jrj-x6cj-97cp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3jrj-x6cj-97cp
- Aliases
-
- BIT-moodle-2021-43559
- CVE-2021-43559
- Published
- 2022-05-24T19:21:11Z
- Modified
- 2024-02-16T08:20:54.831872Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Moodle contains CSRF vulnerability
- Details
-
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
- Database specific
{ "nvd_published_at": "2021-11-22T16:15:00Z", "cwe_ids": [ "CWE-352" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-11T18:35:18Z" }- References
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle