CVE-2021-43559

Cross-Site Request Forgery (CSRF) in packagist/moodle/moodle

Identifiers

CVE-2021-43559

Package Slug

packagist/moodle/moodle

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

The delete related badge functionality does not include the necessary token check to prevent a CSRF risk.

Affected Versions

All versions up to 3.8.8, all versions starting from 3.9.0 before 3.9.11, all versions starting from 3.10.0 before 3.10.8, all versions starting from 3.11.0 before 3.11.4

Solution

Upgrade to versions 3.8.9, 3.9.11, 3.10.8, 3.11.4 or above.

Last Modified

2021-11-30

source