GHSA-4wvg-7886-83gv

Source

https://github.com/advisories/GHSA-4wvg-7886-83gv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4wvg-7886-83gv/GHSA-4wvg-7886-83gv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4wvg-7886-83gv

Aliases

CVE-2014-0126

Published

2022-05-13T01:12:51Z

Modified

2024-12-07T05:39:35.120408Z

Summary

Moodle cross-site request forgery (CSRF) vulnerability

Details

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.

Database specific

{
    "nvd_published_at": "2014-03-24T14:20:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-24T16:18:04Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.9

Affected versions

v2.*

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.3.10

v2.3.11

v2.4.0-rc1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.5.0

Fixed

2.5.5

Affected versions

v2.*

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.0

Fixed

2.6.2

Affected versions

v2.*

v2.6.0

v2.6.1