GHSA-88xj-97gf-7wpq

Source

https://github.com/advisories/GHSA-88xj-97gf-7wpq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-88xj-97gf-7wpq/GHSA-88xj-97gf-7wpq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-88xj-97gf-7wpq

Aliases

CVE-2025-3635

Published

2025-04-25T15:31:23Z

Modified

2025-04-25T17:27:08.790290Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Moodle has a CSRF risk in user tours manager that allows tour duplication

Details

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.

Database specific

{
    "nvd_published_at": "2025-04-25T15:15:37Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-25T16:51:40Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.18

Affected versions

v2.*

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.3.10

v2.3.11

v2.4.0-rc1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.4.10

v2.4.11

v2.5.0-beta

v2.5.0-rc1

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0-beta

v2.6.0-rc1

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.6.10

v2.6.11

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.7.10

v2.7.11

v2.7.12

v2.7.13

v2.7.14

v2.7.15

v2.7.16

v2.7.17

v2.7.18

v2.7.19

v2.7.20

v2.8.0-beta

v2.8.0-rc1

v2.8.0-rc2

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.8.10

v2.8.11

v2.8.12

v2.9.0-beta

v2.9.0-rc1

v2.9.0-rc2

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9

v3.*

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.0.10

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.1.10

v3.1.11

v3.1.12

v3.1.13

v3.1.14

v3.1.15

v3.1.16

v3.1.17

v3.1.18

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

v3.5.0-beta

v3.5.0-rc1

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6

v3.5.7

v3.5.8

v3.5.9

v3.5.10

v3.5.11

v3.5.12

v3.5.13

v3.5.14

v3.5.15

v3.5.16

v3.5.17

v3.5.18

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

v3.6.7

v3.6.8

v3.6.9

v3.6.10

v3.7.0-beta

v3.7.0-rc1

v3.7.0-rc2

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.7.5

v3.7.6

v3.7.7

v3.7.8

v3.7.9

v3.8.0-beta

v3.8.0-rc1

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.8.6

v3.8.7

v3.8.8

v3.8.9

v3.9.0-beta

v3.9.0-rc1

v3.9.0-rc2

v3.9.0-rc3

v3.9.0

v3.9.1

v3.9.2

v3.9.3

v3.9.4

v3.9.5

v3.9.6

v3.9.7

v3.9.8

v3.9.9

v3.9.10

v3.9.11

v3.9.12

v3.9.13

v3.9.14

v3.9.15

v3.9.16

v3.9.17

v3.9.18

v3.9.19

v3.9.20

v3.9.21

v3.9.22

v3.9.23

v3.9.24

v3.9.25

v3.10.0-beta

v3.10.0-rc1

v3.10.0-rc2

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.10.4

v3.10.5

v3.10.6

v3.10.7

v3.10.8

v3.10.9

v3.10.10

v3.10.11

v3.11.0-beta

v3.11.0-rc1

v3.11.0-rc2

v3.11.0

v3.11.1

v3.11.2

v3.11.3

v3.11.4

v3.11.5

v3.11.6

v3.11.7

v3.11.8

v3.11.9

v3.11.10

v3.11.11

v3.11.12

v3.11.13

v3.11.14

v3.11.15

v3.11.16

v3.11.17

v3.11.18

v4.*

v4.0.0-beta

v4.0.0-rc1

v4.0.0-rc2

v4.0.0-rc3

v4.0.0-rc4

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.0.10

v4.0.11

v4.0.12

v4.1.0-beta

v4.1.0-rc1

v4.1.0-rc2

v4.1.0-rc3

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.1.10

v4.1.11

v4.1.12

v4.1.13

v4.1.14

v4.1.15

v4.1.16

v4.1.17

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0-beta

Fixed

4.3.12

Affected versions

v4.*

v4.3.0-beta

v4.3.0-rc1

v4.3.0-rc2

v4.3.0

v4.3.1

v4.3.2

v4.3.3

v4.3.4

v4.3.5

v4.3.6

v4.3.7

v4.3.8

v4.3.9

v4.3.10

v4.3.11

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0-beta

Fixed

4.4.8

Affected versions

v4.*

v4.4.0-beta

v4.4.0-rc1

v4.4.0-rc2

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0-beta

Fixed

4.5.4

Affected versions

v4.*

v4.5.0-beta

v4.5.0-rc1

v4.5.0-rc2

v4.5.0

v4.5.1

v4.5.2

v4.5.3