8.8

CVE-2016-3734

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoodleMoodle Version2.7.0
MoodleMoodle Version2.7.0 Updatebeta
MoodleMoodle Version2.7.0 Updaterc1
MoodleMoodle Version2.7.0 Updaterc2
MoodleMoodle Version2.7.1
MoodleMoodle Version2.7.2
MoodleMoodle Version2.7.3
MoodleMoodle Version2.7.4
MoodleMoodle Version2.7.5
MoodleMoodle Version2.7.6
MoodleMoodle Version2.7.7
MoodleMoodle Version2.7.8
MoodleMoodle Version2.7.9
MoodleMoodle Version2.7.10
MoodleMoodle Version2.7.11
MoodleMoodle Version2.7.12
MoodleMoodle Version2.7.13
MoodleMoodle Version2.8.0
MoodleMoodle Version2.8.1
MoodleMoodle Version2.8.2
MoodleMoodle Version2.8.3
MoodleMoodle Version2.8.4
MoodleMoodle Version2.8.5
MoodleMoodle Version2.8.6
MoodleMoodle Version2.8.7
MoodleMoodle Version2.8.8
MoodleMoodle Version2.8.9
MoodleMoodle Version2.8.10
MoodleMoodle Version2.8.11
MoodleMoodle Version2.9.0
MoodleMoodle Version2.9.1
MoodleMoodle Version2.9.2
MoodleMoodle Version2.9.3
MoodleMoodle Version2.9.4
MoodleMoodle Version2.9.5
MoodleMoodle Version3.0.0
MoodleMoodle Version3.0.0 Updatebeta
MoodleMoodle Version3.0.0 Updaterc1
MoodleMoodle Version3.0.0 Updaterc2
MoodleMoodle Version3.0.0 Updaterc3
MoodleMoodle Version3.0.0 Updaterc4
MoodleMoodle Version3.0.1
MoodleMoodle Version3.0.2
MoodleMoodle Version3.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.13% 0.621
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://www.securityfocus.com/bid/91281
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2016/05/17/4
Third Party Advisory
Mailing List
http://www.securitytracker.com/id/1035902
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1335933
Third Party Advisory
Issue Tracking
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
Patch