A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2021517 | Issue Tracking Third Party Advisory |
https://moodle.org/mod/forum/discuss.php?d=429099 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
14 Jun 2022, 14:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:* | |
First Time |
Fedoraproject extra Packages For Enterprise Linux
|
26 Nov 2021, 20:53
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2021517 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://moodle.org/mod/forum/discuss.php?d=429099 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
CPE | cpe:2.3:a:fedoraproject:fedora_extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
|
CWE | CWE-352 |
22 Nov 2021, 16:36
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-22 16:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-43559
Mitre link : CVE-2021-43559
CVE.ORG link : CVE-2021-43559
JSON object : View
Products Affected
fedoraproject
- fedora
- extra_packages_for_enterprise_linux
moodle
- moodle
CWE
CWE-352
Cross-Site Request Forgery (CSRF)