First published: Mon Nov 26 2018(Updated: )
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | <=3.0.10 | |
Moodle Moodle | >=3.1.0<3.1.15 | |
Moodle Moodle | >=3.3.0<3.3.9 | |
Moodle Moodle | >=3.4.0<3.4.6 | |
Moodle Moodle | >=3.5.0<3.5.3 | |
composer/moodle/moodle | >=3.5<3.5.3 | 3.5.3 |
composer/moodle/moodle | >=3.4<3.4.6 | 3.4.6 |
composer/moodle/moodle | >=3.3<3.3.9 | 3.3.9 |
composer/moodle/moodle | >=3.1<3.1.15 | 3.1.15 |
<=3.0.10 | ||
>=3.1.0<3.1.15 | ||
>=3.3.0<3.3.9 | ||
>=3.4.0<3.4.6 | ||
>=3.5.0<3.5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.