Moodle.org: MSA-15-0042: CSRF in lesson login form

Moodle.org

Description:	Password-protected lesson modules are subject to CSRF vulnerability
Issue summary:	CSRF in lesson login form
Severity/Risk:	Minor
Versions affected:	2.9 to 2.9.2, 2.8 to 2.8.8, 2.7 to 2.7.10 and earlier unsupported versions
Versions fixed:	2.9.3, 2.8.9 and 2.7.11
Reported by:	Ankit Agarwal
Issue no.:	MDL-48109
CVE identifier:	CVE-2015-5338
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109

Security announcements