CVE-2021-43559

Name of the Vulnerable Software and Affected Versions Moodle versions 3.11 to 3.11.3 Moodle versions 3.10 to 3.10.7 Moodle versions 3.9 to 3.9.10 Moodle versions prior to 3.9

Description A flaw was found in the "delete related badge" functionality of Moodle, which did not include the necessary token check to prevent a CSRF risk. This flaw is related to cross-site request forgery and can be exploited by a remote attacker using a specially crafted web page.

Recommendations For Moodle versions 3.11 to 3.11.3, update to a version that includes the necessary token check for the "delete related badge" functionality. For Moodle versions 3.10 to 3.10.7, update to a version that includes the necessary token check for the "delete related badge" functionality. For Moodle versions 3.9 to 3.9.10, update to a version that includes the necessary token check for the "delete related badge" functionality. For Moodle versions prior to 3.9, update to a supported version that includes the necessary token check for the "delete related badge" functionality. As a temporary workaround, consider disabling the "delete related badge" functionality until a patch is available.