CVE-2022-0335

State: PUBLISHED · Published: 2022-01-25 · Updated: 2024-08-02 · Assigner: fedora

Description

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

CWE

CWE-352 — CWE-352

Affected

n/a / moodle — v=moodle 3.11.5, moodle 3.10.9 and moodle 3.9.12 [affected]

CVSS

(none)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2043666 x_refsource_MISC
https://moodle.org/mod/forum/discuss.php?d=431103 x_refsource_MISC

Source

cvelistV5-main/cves/2022/0xxx/CVE-2022-0335.json