CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

History

07 Nov 2023, 03:54

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/', 'name': 'FEDORA-2022-f7fdcb1820', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/', 'name': 'FEDORA-2022-74a9c8e95f', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/', 'name': 'FEDORA-2022-cb7084ae1c', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/ -
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2142772 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2142772 -
References (MISC) https://moodle.org/mod/forum/discuss.php?d=440769 - Patch, Vendor Advisory () https://moodle.org/mod/forum/discuss.php?d=440769 -
References (MISC) http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862 - Patch, Vendor Advisory () http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862 -

31 Jan 2023, 20:16

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/ - Mailing List, Third Party Advisory

07 Dec 2022, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/ -

26 Nov 2022, 03:40

Type Values Removed Values Added
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2142772 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2142772 - Issue Tracking, Third Party Advisory
References (MISC) https://moodle.org/mod/forum/discuss.php?d=440769 - (MISC) https://moodle.org/mod/forum/discuss.php?d=440769 - Patch, Vendor Advisory
References (MISC) http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862 - (MISC) http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CWE CWE-352
First Time Moodle moodle
Moodle
Fedoraproject
Fedoraproject fedora
CPE cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

23 Nov 2022, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-23 15:15

Updated : 2023-12-10 14:48


NVD link : CVE-2022-45149

Mitre link : CVE-2022-45149

CVE.ORG link : CVE-2022-45149


JSON object : View

Products Affected

fedoraproject

  • fedora

moodle

  • moodle
CWE
CWE-352

Cross-Site Request Forgery (CSRF)