Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Primary | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Hyperlink | Source | Resource |
|---|---|---|
| http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755 | secalert@redhat.com | Patch |
| http://www.openwall.com/lists/oss-security/2016/05/17/4 | secalert@redhat.com | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/91281 | secalert@redhat.com | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1035902 | secalert@redhat.com | Third Party Advisory VDB Entry |
| https://bugzilla.redhat.com/show_bug.cgi?id=1335933 | secalert@redhat.com | Issue Tracking Third Party Advisory |
| http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755 | af854a3a-2127-422b-91ae-364da2661108 | Patch |
| http://www.openwall.com/lists/oss-security/2016/05/17/4 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/91281 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1035902 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |
| https://bugzilla.redhat.com/show_bug.cgi?id=1335933 | af854a3a-2127-422b-91ae-364da2661108 | Issue Tracking Third Party Advisory |