CVE-2015-0213: CSRF
First published: Mon Jun 01 2015(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | >=2.8.0<2.8.2 | 2.8.2 |
| composer/moodle/moodle | >=2.7.0<2.7.4 | 2.7.4 |
| composer/moodle/moodle | <2.6.7 | 2.6.7 |
| Moodle | <=2.5.9 | |
| Moodle | =2.5.0 | |
| Moodle | =2.5.1 | |
| Moodle | =2.5.2 | |
| Moodle | =2.5.3 | |
| Moodle | =2.5.4 | |
| Moodle | =2.5.5 | |
| Moodle | =2.5.6 | |
| Moodle | =2.5.7 | |
| Moodle | =2.5.8 | |
| Moodle | =2.6.0 | |
| Moodle | =2.6.1 | |
| Moodle | =2.6.2 | |
| Moodle | =2.6.3 | |
| Moodle | =2.6.4 | |
| Moodle | =2.6.5 | |
| Moodle | =2.6.6 | |
| Moodle | =2.7.0 | |
| Moodle | =2.7.1 | |
| Moodle | =2.7.2 | |
| Moodle | =2.7.3 | |
| Moodle | =2.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106
- http://openwall.com/lists/oss-security/2015/01/19/1
- https://moodle.org/mod/forum/discuss.php?d=278613
- https://nvd.nist.gov/vuln/detail/CVE-2015-0213
- https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90
- https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6
- https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea
- https://github.com/advisories/GHSA-hhq7-jf2p-hw9c (Advisory)
Frequently Asked Questions
What is the severity of CVE-2015-0213?
CVE-2015-0213 has a medium severity rating due to its potential for cross-site request forgery (CSRF) attacks.
How do I fix CVE-2015-0213?
To fix CVE-2015-0213, update Moodle to versions 2.8.2, 2.7.4, or 2.6.7 or later.
What versions of Moodle are affected by CVE-2015-0213?
CVE-2015-0213 affects Moodle versions up to 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2.
What types of attacks does CVE-2015-0213 enable?
CVE-2015-0213 enables remote attackers to hijack user authentication through CSRF vulnerabilities.
Is it safe to continue using an affected version of Moodle after CVE-2015-0213 is identified?
It is not safe to use affected versions of Moodle without applying the necessary updates after identifying CVE-2015-0213.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-hhq7-jf2p-hw9c
- alias/CVE-2015-0213
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/moodle
- canonical/moodle
- version/moodle/2.5.9
- version/moodle/2.5.0
- version/moodle/2.5.1
- version/moodle/2.5.2
- version/moodle/2.5.3
- version/moodle/2.5.4
- version/moodle/2.5.5
- version/moodle/2.5.6
- version/moodle/2.5.7
- version/moodle/2.5.8
- version/moodle/2.6.0
- version/moodle/2.6.1
- version/moodle/2.6.2
- version/moodle/2.6.3
- version/moodle/2.6.4
- version/moodle/2.6.5
- version/moodle/2.6.6
- version/moodle/2.7.0
- version/moodle/2.7.1
- version/moodle/2.7.2
- version/moodle/2.7.3
- version/moodle/2.8.0