CVE-2010-2231

high

Description

Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.

References

https://bugzilla.redhat.com/show_bug.cgi?id=605809

http://www.vupen.com/english/advisories/2010/1571

http://www.vupen.com/english/advisories/2010/1530

http://www.openwall.com/lists/oss-security/2010/06/21/2

http://tracker.moodle.org/browse/MDL-21688

http://secunia.com/advisories/40352

http://secunia.com/advisories/40248

http://moodle.org/mod/forum/discuss.php?d=152369

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html

http://docs.moodle.org/en/Moodle_1.9.9_release_notes

http://docs.moodle.org/en/Moodle_1.8.13_release_notes

http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51

Details

Source: Mitre, NVD

Published: 2010-06-28

Updated: 2020-12-01

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High