CVE-2024-25982

nvd nist

Published: Feb 19, 2024Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

Affected (4)

Products: Moodle: Moodle · Fedoraproject: Fedora

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	From 4.1.0 to 4.1.9
Moodle Moodle	From 4.2.0 to 4.2.6
Moodle Moodle	From 4.3.0 to 4.3.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 38

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-54749

Source: patrick@puiterwijk.org

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2264098

Source: patrick@puiterwijk.org

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

Source: patrick@puiterwijk.org

Mailing List

https://moodle.org/mod/forum/discuss.php?d=455638

Source: patrick@puiterwijk.org

Vendor Advisory

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-54749

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2264098

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://moodle.org/mod/forum/discuss.php?d=455638

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.