CSRF Risk in Admin Management of Analytics Models
CVE-2024-34008

8.8 HIGH

Key Information:

Vendor: Moodle

Status
Vendor
CVE Published: 31 May 2024

What is CVE-2024-34008?

Actions in Moodle's admin management of analytics models did not adequately incorporate a security token. This oversight exposes those actions to Cross-Site Request Forgery (CSRF): an attacker can perform unauthorized actions by tricking an authenticated user into submitting a request without their knowledge. The missing token check underlines the importance of secure coding practices, in particular validating a security token on every such action.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published