Vulnerability Bulletins

MSA-21-0041: CSRF risk on delete related badge feature


System information

Affected software: PHP

Description

by Michael Hawkins.

The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

Severity/Risk: Serious
Versions affected: 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
Versions fixed: 3.11.4, 3.10.8 and 3.9.11
Reported by: ostapbender
CVE identifier: CVE-2021-43559
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72370
Tracker issue: MDL-72370 CSRF risk on delete

More info:

https://moodle.org/mod/forum/discuss.php?d=429099&parent=1726805

Standard identifiers

Property Value
CVE CVE-2021-43559

Version history

Version Comment Date
1.0 Advisory issued 2021-11-16
