CVE-2021-43559

State: PUBLISHED · Published: 2021-11-22 · Updated: 2024-08-04 · Assigner: fedora

Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

CWE

CWE-352 — CWE-352

Affected

n/a / moodle — v=moodle 3.11.4, moodle 3.10.8 and moodle 3.9.11 [affected]

CVSS

(none)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2021517 x_refsource_MISC
https://moodle.org/mod/forum/discuss.php?d=429099 x_refsource_MISC

Source

cvelistV5-main/cves/2021/43xxx/CVE-2021-43559.json