GHSA-8v23-w4w5-w83c

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-8v23-w4w5-w83c/GHSA-8v23-w4w5-w83c.json

Aliases

CVE-2022-45149

Published

2022-11-23T15:30:21Z

Modified

2023-04-11T01:49:32.489961Z

Details

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

References

Affected packages

Packagist / moodle/moodle

Source Details

Package Name: moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.9.0

Fixed

3.9.18

Affected versions

v3.*

v3.9.0

v3.9.1

v3.9.2

v3.9.3

v3.9.4

v3.9.5

v3.9.6

v3.9.7

v3.9.8

v3.9.9

v3.9.10

v3.9.11

v3.9.12

v3.9.13

v3.9.14

v3.9.15

v3.9.16

v3.9.17

Packagist / moodle/moodle

Source Details

Package Name: moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.11.0

Fixed

3.11.11

Affected versions

v3.*

v3.11.0

v3.11.1

v3.11.2

v3.11.3

v3.11.4

v3.11.5

v3.11.6

v3.11.7

v3.11.8

v3.11.9

v3.11.10

Packagist / moodle/moodle

Source Details

Package Name: moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.5

Affected versions

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4