A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2043666 | Issue Tracking Third Party Advisory |
https://moodle.org/mod/forum/discuss.php?d=431103 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Feb 2022, 16:59
Type | Values Removed | Values Added |
---|---|---|
First Time |
Moodle moodle
Moodle |
|
CPE | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* | |
CWE | CWE-352 | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2043666 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://moodle.org/mod/forum/discuss.php?d=431103 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.8 |
25 Jan 2022, 20:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-25 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2022-0335
Mitre link : CVE-2022-0335
CVE.ORG link : CVE-2022-0335
JSON object : View
Products Affected
moodle
- moodle
CWE
CWE-352
Cross-Site Request Forgery (CSRF)