CVE-2016-3734

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
moodlemoodle
2.7.0
moodlemoodle
2.7.0:beta
moodlemoodle
2.7.0:rc1
moodlemoodle
2.7.0:rc2
moodlemoodle
2.7.1
moodlemoodle
2.7.2
moodlemoodle
2.7.3
moodlemoodle
2.7.4
moodlemoodle
2.7.5
moodlemoodle
2.7.6
moodlemoodle
2.7.7
moodlemoodle
2.7.8
moodlemoodle
2.7.9
moodlemoodle
2.7.10
moodlemoodle
2.7.11
moodlemoodle
2.7.12
moodlemoodle
2.7.13
moodlemoodle
2.8.0
moodlemoodle
2.8.1
moodlemoodle
2.8.2
moodlemoodle
2.8.3
moodlemoodle
2.8.4
moodlemoodle
2.8.5
moodlemoodle
2.8.6
moodlemoodle
2.8.7
moodlemoodle
2.8.8
moodlemoodle
2.8.9
moodlemoodle
2.8.10
moodlemoodle
2.8.11
moodlemoodle
2.9.0
moodlemoodle
2.9.1
moodlemoodle
2.9.2
moodlemoodle
2.9.3
moodlemoodle
2.9.4
moodlemoodle
2.9.5
moodlemoodle
3.0.0
moodlemoodle
3.0.0:beta
moodlemoodle
3.0.0:rc1
moodlemoodle
3.0.0:rc2
moodlemoodle
3.0.0:rc3
moodlemoodle
3.0.0:rc4
moodlemoodle
3.0.1
moodlemoodle
3.0.2
moodlemoodle
3.0.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
http://www.openwall.com/lists/oss-security/2016/05/17/4
http://www.securityfocus.com/bid/91281
http://www.securitytracker.com/id/1035902
https://bugzilla.redhat.com/show_bug.cgi?id=1335933
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
http://www.openwall.com/lists/oss-security/2016/05/17/4
http://www.securityfocus.com/bid/91281
http://www.securitytracker.com/id/1035902
https://bugzilla.redhat.com/show_bug.cgi?id=1335933