CVE-2022-0335: CSRF
First published: Fri Jan 21 2022(Updated: )
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | <=3.8.9 | |
| Moodle Moodle | >=3.9.0<3.9.12 | |
| Moodle Moodle | >=3.10.0<3.10.9 | |
| Moodle Moodle | >=3.11.0<3.11.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2022-0335
- https://bugzilla.redhat.com/show_bug.cgi?id=2043666
- https://moodle.org/mod/forum/discuss.php?d=431103
- https://github.com/moodle/moodle/commit/d40cc61eba229c6d1f47b9a525022fbc9136b9f6
- https://github.com/advisories/GHSA-xpfv-89vg-r562 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2044476
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2044475
- collector/github-advisory-latest
- alias/GHSA-xpfv-89vg-r562
- alias/CVE-2022-0335
- collector/github-advisory
- collector/nvd-index
- collector/nvd-cve
- agent/author
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/event
- agent/description
- package-manager/composer
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.8.9
- version/moodle moodle/3.9.0
- version/moodle moodle/3.10.0
- version/moodle moodle/3.11.0
- package-manager/redhat