CVE-2021-43559
N/A
N/A
Summary
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | moodle | moodle 3.11.4, moodle 3.10.8 and moodle 3.9.11 | affected |
Weaknesses
- CWE-352: CWE-352
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=2021517
- https://moodle.org/mod/forum/discuss.php?d=429099
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2021517
- https://moodle.org/mod/forum/discuss.php?d=429099
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.