Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0126

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-0126
Last Modified 24 Mar 2014 06:34:58
Published 24 Mar 2014 10:20:39
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0126

Summary

Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.

Vulnerable Systems

Application

  • Moodle 2.0

  • Moodle 2.0.1

  • Moodle 2.0.2

  • Moodle 2.0.3

  • Moodle 2.0.4

  • Moodle 2.0.5

  • Moodle 2.0.6

  • Moodle 2.0.7

  • Moodle 2.0.8

  • Moodle 2.0.9

  • Moodle 2.1

  • Moodle 2.1.1

  • Moodle 2.1.10

  • Moodle 2.1.2

  • Moodle 2.1.3

  • Moodle 2.1.4

  • Moodle 2.1.5

  • Moodle 2.1.6

  • Moodle 2.1.7

  • Moodle 2.1.8

  • Moodle 2.1.9

  • Moodle 2.2

  • Moodle 2.2.1

  • Moodle 2.2.10

  • Moodle 2.2.11

  • Moodle 2.2.2

  • Moodle 2.2.3

  • Moodle 2.2.4

  • Moodle 2.2.5

  • Moodle 2.2.6

  • Moodle 2.2.7

  • Moodle 2.2.8

  • Moodle 2.2.9

  • Moodle 2.3

  • Moodle 2.3.1

  • Moodle 2.3.10

  • Moodle 2.3.11

  • Moodle 2.3.2

  • Moodle 2.3.3

  • Moodle 2.3.4

  • Moodle 2.3.5

  • Moodle 2.3.6

  • Moodle 2.3.7

  • Moodle 2.3.8

  • Moodle 2.3.9

  • Moodle 2.4

  • Moodle 2.4.1

  • Moodle 2.4.2

  • Moodle 2.4.3

  • Moodle 2.4.4

  • Moodle 2.4.5

  • Moodle 2.4.6

  • Moodle 2.4.7

  • Moodle 2.4.8

  • Moodle 2.5

  • Moodle 2.5.1

  • Moodle 2.5.2

  • Moodle 2.5.3

  • Moodle 2.5.4

  • Moodle 2.6

  • Moodle 2.6.1


References

CONFIRM - https://moodle.org/mod/forum/discuss.php?d=256423

MLIST - [oss-security] 20140317 Moodle security notifications public

CONFIRM - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146


Last Updated: 27 May 2016 11:04:45