Moodle · Moodle · CVE-2021-43559
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 3.11 to 3.11.3
Moodle versions 3.10 to 3.10.7
Moodle versions 3.9 to 3.9.10
Moodle versions prior to 3.9
**Description**
The "delete related badge" functionality of Moodle did not include the token check needed to prevent cross-site request forgery (CSRF). A remote attacker can exploit the flaw using a specially crafted web page.
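The kind of token check described above, as an added example that is not Moodle's code or its patch: a state-changing delete handler that trusts the session alone, next to one that also requires a per-session token. All function names, the session layout and the sample rows are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout; the array stands in for the related-badge table.

/** Per-session random token, embedded in the application's own forms and links. */
function session_token(array &$session): string {
    $session['token'] ??= bin2hex(random_bytes(16));
    return $session['token'];
}

function remove_relation(array &$related, int $badgeid, int $relatedid): bool {
    $before = count($related);
    $related = array_values(array_filter($related,
        fn(array $r) => !($r['badgeid'] === $badgeid && $r['relatedid'] === $relatedid)));
    return count($related) < $before;
}

/** Flawed shape: a logged-in session alone authorises the delete. */
function delete_related_unchecked(array &$related, array $session, array $params): bool {
    if (empty($session['userid'])) {
        return false;
    }
    return remove_relation($related, (int)($params['badgeid'] ?? 0), (int)($params['relatedid'] ?? 0));
}

/** Hardened shape: the request must also carry the session's token. */
function delete_related_checked(array &$related, array $session, array $params): bool {
    $sent = $params['token'] ?? '';
    if (empty($session['token']) || !is_string($sent) || !hash_equals($session['token'], $sent)) {
        return false; // reject before touching any state
    }
    return delete_related_unchecked($related, $session, $params);
}

// Constructed sample data and requests.
$rows = [['badgeid' => 10, 'relatedid' => 11], ['badgeid' => 10, 'relatedid' => 12]];
$session = ['userid' => 2];
$token = session_token($session);
// A request triggered from another site rides on the session but cannot include the token.
$crossSite = ['badgeid' => '10', 'relatedid' => '11'];
$ownForm = $crossSite + ['token' => $token];

$a = $rows;
printf("unchecked, no token: %s\n", var_export(delete_related_unchecked($a, $session, $crossSite), true));
$b = $rows;
printf("checked, no token:   %s\n", var_export(delete_related_checked($b, $session, $crossSite), true));
printf("checked, with token: %s\n", var_export(delete_related_checked($b, $session, $ownForm), true));
printf("rows left after checked delete: %d\n", count($b));
```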
**Recommendations**
For Moodle versions 3.11 to 3.11.3, update to a version that includes the necessary token check for the "delete related badge" functionality.
For Moodle versions 3.10 to 3.10.7, update to a version that includes the necessary token check for the "delete related badge" functionality.
For Moodle versions 3.9 to 3.9.10, update to a version that includes the necessary token check for the "delete related badge" functionality.
For Moodle versions prior to 3.9, update to a supported version that includes the necessary token check for the "delete related badge" functionality.
As a temporary workaround, consider disabling the "delete related badge" functionality until a patch is available.