Moodle.org: MSA-22-0022: CSRF risk in enabling/disabling installed H5P libraries

Moodle.org

by Michael Hawkins - Monday, 29 August 2022, 6:56 PM

Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.

Severity/Risk:	Minor
Versions affected:	4.0 to 4.0.2 and 3.11 to 3.11.8
Versions fixed:	4.0.3 and 3.11.9
Reported by:	Paul Holden
CVE identifier:	CVE-2022-2986
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326
Tracker issue:	MDL-75326 CSRF risk in enabling/disabling installed H5P libraries

Security announcements