Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2022-0335

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
moodle / moodle 3.11.0 3.11.5
moodle / moodle 3.9.0 3.9.12
moodle / moodle 3.10.0 3.10.9
moodle / moodle - 3.8.9.x
Composer icon moodle / moodle 3.11 3.11.5
Composer icon moodle / moodle 3.10 3.10.8
Composer icon moodle / moodle - 3.9.11