PT-2022-13113 · Moodle+1 · Moodle+1

Ostapbender

Published: 2022-01-17 · Updated: 2024-03-06 · CVE-2022-0335

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moodle versions 3.11 to 3.11.4
Moodle versions 3.10 to 3.10.8
Moodle versions 3.9 to 3.9.11
Moodle versions earlier than 3.9

Description

A flaw was found in the "delete badge alignment" functionality, which did not include the necessary token check to prevent a CSRF risk.

Recommendations

For versions 3.11 to 3.11.4, update to a version that includes the necessary token check for the "delete badge alignment" functionality.
For versions 3.10 to 3.10.8, update to a version that includes the necessary token check for the "delete badge alignment" functionality.
For versions 3.9 to 3.9.11, update to a version that includes the necessary token check for the "delete badge alignment" functionality.
For versions earlier than 3.9, update to a supported version that includes the necessary token check for the "delete badge alignment" functionality.

Fix

CSRF

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1064
ALT-PU-2022-1641
ALT-PU-2022-2450
BIT-MOODLE-2022-0335
CVE-2022-0335
GHSA-XPFV-89VG-R562

Affected Products

Alt Linux
Moodle