GHSA-hhq7-jf2p-hw9c

Source

https://github.com/advisories/GHSA-hhq7-jf2p-hw9c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hhq7-jf2p-hw9c/GHSA-hhq7-jf2p-hw9c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hhq7-jf2p-hw9c

Aliases

CVE-2015-0213

Published

2022-05-13T01:12:43Z

Modified

2024-12-08T05:39:40.676132Z

Summary

Moodle multiple cross-site request forgery (CSRF) vulnerabilities

Details

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

Database specific

{
    "nvd_published_at": "2015-06-01T19:59:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-25T20:34:14Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.7

Affected versions

v2.*

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.3.10

v2.3.11

v2.4.0-rc1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.4.10

v2.4.11

v2.5.0-beta

v2.5.0-rc1

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0-beta

v2.6.0-rc1

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.7.0

Fixed

2.7.4

Affected versions

v2.*

v2.7.0

v2.7.1

v2.7.2

v2.7.3

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8.0

Fixed

2.8.2

Affected versions

v2.*

v2.8.0

v2.8.1