GHSA-v33x-q8gh-4x42
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v33x-q8gh-4x42
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v33x-q8gh-4x42/GHSA-v33x-q8gh-4x42.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v33x-q8gh-4x42
- Aliases
-
- CVE-2015-5338
- Published
- 2022-05-13T01:12:48Z
- Modified
- 2024-02-16T08:01:20.422566Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Moodle multiple cross-site request forgery (CSRF) vulnerabilities
- Details
-
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.
- Database specific
{ "nvd_published_at": "2016-02-22T05:59:00Z", "cwe_ids": [ "CWE-352" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-26T20:11:17Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-5338
- https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958
- https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485
- https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6
- https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107
- https://moodle.org/mod/forum/discuss.php?d=323233
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.11
Affected versions
v2.*
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.4.0-rc1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.4.11
v2.5.0-beta
v2.5.0-rc1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0-beta
v2.6.0-rc1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.6.10
v2.6.11
v2.7.0-beta
v2.7.0-rc1
v2.7.0-rc2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.7.10
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle