CVE-2022-0335
Published Jan 25, 2022
Last updated 2 years ago
Overview
- Description
- A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
- Source
- patrick@puiterwijk.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFF97774-FD86-4BE1-8DFF-59F258DEA373",
"versionEndIncluding": "3.8.9"
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9094E397-25DD-4B4F-9580-72F0F2F75750",
"versionEndExcluding": "3.9.12",
"versionStartIncluding": "3.9.0"
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E98FAEBB-D02A-4FFC-A1D4-5D802DDF93CA",
"versionEndExcluding": "3.10.9",
"versionStartIncluding": "3.10.0"
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34662C74-C275-45EE-B237-C5756ADB164B",
"versionEndExcluding": "3.11.5",
"versionStartIncluding": "3.11.0"
}
],
"operator": "OR"
}
]
}
]