VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2231
moodle: Cross-site request forgery (CSRF) vulnerability in ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2231

Original

Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.






About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-28
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-29




Affected Product Tags
cpe:/a:moodle:moodle:1.1.1
cpe:/a:moodle:moodle:1.2
cpe:/a:moodle:moodle:1.2.1
cpe:/a:moodle:moodle:1.3
cpe:/a:moodle:moodle:1.3.1
cpe:/a:moodle:moodle:1.3.2
cpe:/a:moodle:moodle:1.3.3
cpe:/a:moodle:moodle:1.3.4
cpe:/a:moodle:moodle:1.4.1
cpe:/a:moodle:moodle:1.4.2
cpe:/a:moodle:moodle:1.4.3
cpe:/a:moodle:moodle:1.4.4
cpe:/a:moodle:moodle:1.4.5
cpe:/a:moodle:moodle:1.5
cpe:/a:moodle:moodle:1.5.1
cpe:/a:moodle:moodle:1.5.2
cpe:/a:moodle:moodle:1.5.3
cpe:/a:moodle:moodle:1.5:beta
cpe:/a:moodle:moodle:1.6
cpe:/a:moodle:moodle:1.6.1
cpe:/a:moodle:moodle:1.6.2
cpe:/a:moodle:moodle:1.6.3
cpe:/a:moodle:moodle:1.6.4
cpe:/a:moodle:moodle:1.6.5
cpe:/a:moodle:moodle:1.6.6
cpe:/a:moodle:moodle:1.6.7
cpe:/a:moodle:moodle:1.6.8
cpe:/a:moodle:moodle:1.7
cpe:/a:moodle:moodle:1.7.1
cpe:/a:moodle:moodle:1.7.2
cpe:/a:moodle:moodle:1.7.3
cpe:/a:moodle:moodle:1.7.4
cpe:/a:moodle:moodle:1.7.5
cpe:/a:moodle:moodle:1.7.6
cpe:/a:moodle:moodle:1.8
cpe:/a:moodle:moodle:1.8.1
cpe:/a:moodle:moodle:1.8.10
cpe:/a:moodle:moodle:1.8.11
cpe:/a:moodle:moodle:1.8.12 and previous versions
cpe:/a:moodle:moodle:1.8.2
cpe:/a:moodle:moodle:1.8.3
cpe:/a:moodle:moodle:1.8.4
cpe:/a:moodle:moodle:1.8.5
cpe:/a:moodle:moodle:1.8.6
cpe:/a:moodle:moodle:1.8.7
cpe:/a:moodle:moodle:1.8.8
cpe:/a:moodle:moodle:1.8.9
cpe:/a:moodle:moodle:1.9
cpe:/a:moodle:moodle:1.9.1
cpe:/a:moodle:moodle:1.9.2
cpe:/a:moodle:moodle:1.9.3
cpe:/a:moodle:moodle:1.9.4
cpe:/a:moodle:moodle:1.9.5
cpe:/a:moodle:moodle:1.9.6
cpe:/a:moodle:moodle:1.9.7
cpe:/a:moodle:moodle:1.9.8
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
None
X Partial
Complete

Alternatives




References
CONFIRM http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=605809
CONFIRM http://tracker.moodle.org/browse/MDL-21688
CONFIRM http://moodle.org/mod/forum/discuss.php?d=152369
CONFIRM http://docs.moodle.org/en/Moodle_1.9.9_release_notes
CONFIRM http://docs.moodle.org/en/Moodle_1.8.13_release_notes
FEDORA FEDORA-2010-10321
FEDORA FEDORA-2010-10291
FEDORA FEDORA-2010-10286
MLIST [oss-security] 20100621 Re: CVE request: moodle 1.9.9/1.8.13 multiple vulnerabilities
SECUNIA 40352
SECUNIA 40248
VUPEN ADV-2010-1530
VUPEN ADV-2010-1571




Vulnerability Type Cross-Site Request Forgery (CSRF) (CWE-352)





Copyright © 2010 JPCERT/CC All Rights Reserved.