CVE-2015-5335: Exposure of Sensitive Information to an Unauthorized Actor
(updated )
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.
References
- git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
- github.com/advisories/GHSA-hpmv-wvq3-gj27
- github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea
- github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94
- github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443
- github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686
- moodle.org/mod/forum/discuss.php?d=323230
- nvd.nist.gov/vuln/detail/CVE-2015-5335
Code Behaviors & Features
Detect and mitigate CVE-2015-5335 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →