First published: Mon May 15 2017(Updated: )
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | =2.7.0 | |
Moodle Moodle | =2.7.0-beta | |
Moodle Moodle | =2.7.0-rc1 | |
Moodle Moodle | =2.7.0-rc2 | |
Moodle Moodle | =2.7.1 | |
Moodle Moodle | =2.7.2 | |
Moodle Moodle | =2.7.3 | |
Moodle Moodle | =2.7.4 | |
Moodle Moodle | =2.7.5 | |
Moodle Moodle | =2.7.6 | |
Moodle Moodle | =2.7.7 | |
Moodle Moodle | =2.7.8 | |
Moodle Moodle | =2.7.9 | |
Moodle Moodle | =2.7.10 | |
Moodle Moodle | =2.7.11 | |
Moodle Moodle | =2.7.12 | |
Moodle Moodle | =2.7.13 | |
Moodle Moodle | =2.7.14 | |
Moodle Moodle | =2.7.15 | |
Moodle Moodle | =2.7.16 | |
Moodle Moodle | =2.7.17 | |
Moodle Moodle | =2.7.18 | |
Moodle Moodle | =3.0.0 | |
Moodle Moodle | =3.0.0-beta | |
Moodle Moodle | =3.0.0-rc1 | |
Moodle Moodle | =3.0.0-rc2 | |
Moodle Moodle | =3.0.0-rc3 | |
Moodle Moodle | =3.0.0-rc4 | |
Moodle Moodle | =3.0.1 | |
Moodle Moodle | =3.0.2 | |
Moodle Moodle | =3.0.3 | |
Moodle Moodle | =3.0.4 | |
Moodle Moodle | =3.0.5 | |
Moodle Moodle | =3.0.6 | |
Moodle Moodle | =3.0.7 | |
Moodle Moodle | =3.0.8 | |
Moodle Moodle | =3.1.0 | |
Moodle Moodle | =3.1.0-beta | |
Moodle Moodle | =3.1.0-rc1 | |
Moodle Moodle | =3.1.0-rc2 | |
Moodle Moodle | =3.1.1 | |
Moodle Moodle | =3.1.2 | |
Moodle Moodle | =3.1.3 | |
Moodle Moodle | =3.1.4 | |
Moodle Moodle | =3.2.0 | |
Moodle Moodle | =3.2.0-beta | |
Moodle Moodle | =3.2.0-rc1 | |
Moodle Moodle | =3.2.0-rc2 | |
Moodle Moodle | =3.2.0-rc3 | |
Moodle Moodle | =3.2.0-rc4 | |
Moodle Moodle | =3.2.0-rc5 | |
Moodle Moodle | =3.2.1 | |
Moodle Moodle | =3.2.2 | |
composer/moodle/moodle | >=2.7<2.7.20 | 2.7.20 |
composer/moodle/moodle | >=3.0<3.0.10 | 3.0.10 |
composer/moodle/moodle | >=3.1<3.1.6 | 3.1.6 |
composer/moodle/moodle | >=3.2<3.2.3 | 3.2.3 |
=2.7.0 | ||
=2.7.0-beta | ||
=2.7.0-rc1 | ||
=2.7.0-rc2 | ||
=2.7.1 | ||
=2.7.2 | ||
=2.7.3 | ||
=2.7.4 | ||
=2.7.5 | ||
=2.7.6 | ||
=2.7.7 | ||
=2.7.8 | ||
=2.7.9 | ||
=2.7.10 | ||
=2.7.11 | ||
=2.7.12 | ||
=2.7.13 | ||
=2.7.14 | ||
=2.7.15 | ||
=2.7.16 | ||
=2.7.17 | ||
=2.7.18 | ||
=3.0.0 | ||
=3.0.0-beta | ||
=3.0.0-rc1 | ||
=3.0.0-rc2 | ||
=3.0.0-rc3 | ||
=3.0.0-rc4 | ||
=3.0.1 | ||
=3.0.2 | ||
=3.0.3 | ||
=3.0.4 | ||
=3.0.5 | ||
=3.0.6 | ||
=3.0.7 | ||
=3.0.8 | ||
=3.1.0 | ||
=3.1.0-beta | ||
=3.1.0-rc1 | ||
=3.1.0-rc2 | ||
=3.1.1 | ||
=3.1.2 | ||
=3.1.3 | ||
=3.1.4 | ||
=3.2.0 | ||
=3.2.0-beta | ||
=3.2.0-rc1 | ||
=3.2.0-rc2 | ||
=3.2.0-rc3 | ||
=3.2.0-rc4 | ||
=3.2.0-rc5 | ||
=3.2.1 | ||
=3.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.