What is CVE-2021-43559?

CVE-2021-43559 is a vulnerability found in Moodle versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10, and earlier unsupported versions.

What is the severity of CVE-2021-43559?

CVE-2021-43559 has a severity level of high (8.8).

How does CVE-2021-43559 impact Moodle?

CVE-2021-43559 poses a CSRF (Cross-Site Request Forgery) risk to Moodle, specifically in the "delete related badge" functionality.

Which versions of Moodle are affected by CVE-2021-43559?

CVE-2021-43559 affects Moodle versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10, and earlier unsupported versions.

How can I fix CVE-2021-43559 in Moodle?

To fix CVE-2021-43559, it is recommended to upgrade Moodle to the latest supported version and apply any available patches or hotfixes provided by the Moodle project.

Vulnerability/
CVE-2021-43559

high

8.8

CWE

352

9/11/2021

22/11/2021

21/11/2024

CVE-2021-43559: CSRF

First published: Tue Nov 09 2021(Updated: )

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

Credit: patrick@puiterwijk.org patrick@puiterwijk.org

Affected Software	Affected Version	How to fix
Moodle Moodle	<=3.8.8
Moodle Moodle	>=3.9.0<3.9.11
Moodle Moodle	>=3.10.0<3.10.8
Moodle Moodle	>=3.11.0<3.11.4
Fedoraproject Extra Packages For Enterprise Linux	=7.0
Fedoraproject Fedora	=35
redhat/moodle	<3.11.4	3.11.4
redhat/moodle 3.10.8 and moodle	<3.9.11	3.9.11
	<=3.8.8
	>=3.9.0<3.9.11
	>=3.10.0<3.10.8
	>=3.11.0<3.11.4
	=7.0
	=35

Remedy

https://moodle.org/mod/forum/discuss.php?d=429099

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-43559?
CVE-2021-43559 is a vulnerability found in Moodle versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10, and earlier unsupported versions.
What is the severity of CVE-2021-43559?
CVE-2021-43559 has a severity level of high (8.8).
How does CVE-2021-43559 impact Moodle?
CVE-2021-43559 poses a CSRF (Cross-Site Request Forgery) risk to Moodle, specifically in the "delete related badge" functionality.
Which versions of Moodle are affected by CVE-2021-43559?
CVE-2021-43559 affects Moodle versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10, and earlier unsupported versions.
How can I fix CVE-2021-43559 in Moodle?
To fix CVE-2021-43559, it is recommended to upgrade Moodle to the latest supported version and apply any available patches or hotfixes provided by the Moodle project.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/remedy
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-43559
agent/software-canonical-lookup
agent/references
agent/severity
agent/softwarecombine
agent/description
agent/first-publish-date
agent/tags
collector/nvd-api
source/NVD
vendor/moodle
canonical/moodle moodle
version/moodle moodle/3.8.8
version/moodle moodle/3.9.0
version/moodle moodle/3.10.0
version/moodle moodle/3.11.0
vendor/fedoraproject
canonical/fedoraproject extra packages for enterprise linux
version/fedoraproject extra packages for enterprise linux/7.0
canonical/fedoraproject fedora
version/fedoraproject fedora/35
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.