CVE-2014-7836 – moodle/moodle

Package

Manager: composer
Name: moodle/moodle
Vulnerable Version: >=0 <2.5.9 || >=2.6.0 <2.6.6 || >=2.7.0 <2.7.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00173 pctl0.39112

Details

Moodle multiple cross-site request forgery (CSRF) vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.

Metadata

Created: 2022-05-13T01:12:43Z
Modified: 2024-01-24T21:30:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wpq5-q3mj-8f3r/GHSA-wpq5-q3mj-8f3r.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-wpq5-q3mj-8f3r
Finding: F007
Auto approve: 1