CVE-2011-4281

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
moodlemoodle
2.0.0
moodlemoodle
2.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
ignored
Common Weakness Enumeration
References
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9cedb80c5d6318aa17cd66912d37e6ef3dca9455
http://moodle.org/mod/forum/discuss.php?d=170006
http://openwall.com/lists/oss-security/2011/11/14/1
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9cedb80c5d6318aa17cd66912d37e6ef3dca9455
http://moodle.org/mod/forum/discuss.php?d=170006
http://openwall.com/lists/oss-security/2011/11/14/1