CVE-2014-7838 moodle/moodle

Package

Manager: composer
Name: moodle/moodle
Vulnerable Version: >=0 <2.5.9 || >=2.6.0 <2.6.6 || >=2.7.0 <2.7.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00173 (percentile: 0.39112)

Details

Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module.

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.

Metadata

Created: 2022-05-13T01:12:42Z
Modified: 2024-01-24T21:41:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-43r4-vm25-qm78/GHSA-43r4-vm25-qm78.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-43r4-vm25-qm78
Finding: F007
Auto approve: 1