Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
Remediation
References