CVE-2022-0335

HIGH8.8EPSS 0.11%

Cross Site Request Forgery in Moodle

發布日:2022/1/28修改日:2025/4/3

描述

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

受影響套件(2)

Bitnami/moodlefrom 0, < 3.8.10, >= 3.9.0, < 3.9.12, >= 3.10.0, < 3.10.9, >= 3.11.0, < 3.11.5
Packagist/moodle/moodle>= 3.11, < 3.11.5

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0335
PATCHhttps://github.com/moodle/moodle
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2043666
WEBhttps://github.com/moodle/moodle/commit/d40cc61eba229c6d1f47b9a525022fbc9136b9f6
WEBhttps://moodle.org/mod/forum/discuss.php?d=431103