vulnerability

Moodle: Cross-Site Request Forgery (CSRF) (CVE-2021-43559)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Nov 22, 2021	Nov 29, 2021	Nov 29, 2021

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Nov 22, 2021

Added

Nov 29, 2021

Modified

Nov 29, 2021

Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

Solutions

moodle-upgrade-3_10_8moodle-upgrade-3_11_4moodle-upgrade-3_9_11

References

CVE-2021-43559
https://attackerkb.com/topics/CVE-2021-43559
URL-https://bugzilla.redhat.com/show_bug.cgi?id=2021517
URL-https://moodle.org/mod/forum/discuss.php?d=429099

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today