1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
Candidate: CVE-2014-7838
PublicDate: 2014-11-24
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7838
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019
Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum
module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6,
and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication
of arbitrary users for requests that set a tracking preference within (1)
mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3)
mod/forum/index.php, or (4) mod/forum/lib.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_moodle:
upstream_moodle: needed
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
trusty_moodle: needed
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: needed
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: needed
devel_moodle: needed
|