Lucene search

K
githubGitHub Advisory DatabaseGHSA-H75F-HJCR-CVH8
HistoryMay 13, 2022 - 1:12 a.m.

Moodle multiple cross-site request forgery (CSRF) vulnerabilities

2022-05-1301:12:51
CWE-352
GitHub Advisory Database
github.com
15
moodle
assignment subsystem
csrf
vulnerabilities
hijack
authentication
quick-grading
remote attackers
teachers

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

52.5%

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.

Affected configurations

Vulners
Node
moodlemoodleRange<2.6.3
OR
moodlemoodleRange<2.5.6
OR
moodlemoodleRange<2.4.10
VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.002

Percentile

52.5%