CVE-2022-0335

{"id": "CVE-2022-0335", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-01-25T20:15:08.903", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043666", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=431103", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The \"delete badge alignment\" functionality did not include the necessary token check to prevent a CSRF risk."}, {"lang": "es", "value": "Se ha encontrado un fallo en Moodle en las versiones 3.11 hasta 3.11.4, versiones 3.10 hasta 3.10.8, versiones 3.9 hasta 3.9.11 y versiones anteriores no soportadas. La funcionalidad \"delete badge alignment\" no inclu\u00eda la comprobaci\u00f3n de tokens necesaria para evitar un riesgo de tipo CSRF"}], "lastModified": "2022-12-21T15:01:19.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFF97774-FD86-4BE1-8DFF-59F258DEA373", "versionEndIncluding": "3.8.9"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9094E397-25DD-4B4F-9580-72F0F2F75750", "versionEndExcluding": "3.9.12", "versionStartIncluding": "3.9.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E98FAEBB-D02A-4FFC-A1D4-5D802DDF93CA", "versionEndExcluding": "3.10.9", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34662C74-C275-45EE-B237-C5756ADB164B", "versionEndExcluding": "3.11.5", "versionStartIncluding": "3.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}