Vulnerability Bulletins

MSA-22-0004: CSRF risk in badge alignment deletion


System information

Affected software: PHP

Description

by Michael Hawkins.

The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

Severity/Risk: Serious
Versions affected: 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions
Versions fixed: 3.11.5, 3.10.9 and 3.9.12
Reported by: Ostapbender
CVE identifier: CVE-2022-0335
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72367
Tracker issue: MDL-72367 CSRF risk in badge

More info:

https://moodle.org/mod/forum/discuss.php?d=431103&parent=1734817
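
The class of defect named in the description, a state-changing delete action that runs without a session token check, is shown here next to a checked version. This is an added example, not Moodle code and not the MDL-72367 patch; every function name, the in-memory alignment store and the sample requests are constructed for illustration.

```php
<?php
// Added illustration, not Moodle source. All names and data are hypothetical.
declare(strict_types=1);

// Constructed sample state: one logged-in session and two alignment rows.
$session = ['userid' => 7, 'token' => bin2hex(random_bytes(16))];
$alignments = [101 => 'Standard A', 102 => 'Standard B'];

// "Before" shape: the delete runs for any request that arrives with the
// user's session, so a request started from another site is honoured too.
function delete_alignment_unchecked(array &$rows, array $request): bool {
    $id = (int)($request['id'] ?? 0);
    if (!isset($rows[$id])) {
        return false;
    }
    unset($rows[$id]);
    return true;
}

// "After" shape: the request must carry the token bound to the session.
// The comparison is constant-time and happens before any state change.
function delete_alignment_checked(array &$rows, array $session, array $request): bool {
    $sent = $request['token'] ?? '';
    if (!is_string($sent) || !hash_equals($session['token'], $sent)) {
        return false; // rejected, nothing deleted
    }
    return delete_alignment_unchecked($rows, $request);
}

// Cross-site request: the session rides along, but the token is not known.
$forged = ['id' => '101'];
// Same-site request: the page that rendered the delete control embedded the token.
$genuine = ['id' => '102', 'token' => $session['token']];

// Run the unchecked handler on a copy so both handlers see the same start state.
$copy = $alignments;
$results = [
    'unchecked_forged' => delete_alignment_unchecked($copy, $forged),
    'checked_forged'   => delete_alignment_checked($alignments, $session, $forged),
    'checked_genuine'  => delete_alignment_checked($alignments, $session, $genuine),
    'rows_left'        => array_keys($alignments),
];
var_dump($results);
```

When reviewing an upgrade, the same test applies to any handler that deletes or modifies data: a request without the session token should leave the stored rows unchanged.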

Standard identifiers

Property    Value
CVE         CVE-2022-0335

Version history

Version Comment Date
1.0 Advisory issued 2022-05-17
CCN-CERT