CVE-2011-4298

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data.

Published Bysecalert@redhat.com

Published DateJul 11, 2012, 10:26

Affected Versions(2)

moodle/moodle(Packagist)

Introduced2.0.0

Fixed2.0.5

LimitN/A

moodle/moodle(Packagist)

Introduced2.1.0

Fixed2.1.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
moodle/moodle(Packagist)	2.0.0	2.0.5	N/A
moodle/moodle(Packagist)	2.1.0	2.1.2	N/A

Weakness Type (CWE):CWE-352

CVSS Metrics

Base Score

6.8

Vector String

AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-352

CVSS Metrics

Base Score

6.8

Vector String

AV:N/AC:M/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL