Red Hat Bugzilla – Bug 1052001
CVE-2014-0010 moodle: Cross-Site Request Forgery (CSRF) flaws in profile fields (MSA-14-0003)
Last modified: 2016-01-22 11:31:30 EST
Jun Zhu found that some profile fields were vulnerable to Cross-Site Request Forgery (CSRF). An attacker could use these flaws to perform actions on profiles (such as deleting categories). These issues affected Moodle versions 2.6, 2.5 to 2.5.4, 2.4 to 2.4.7, 2.3 to 2.3.10 and earlier unsupported versions. They have been fixed in 2.6.1, 2.5.4, 2.4.8 and 2.3.11.
I have not checked if version 1.9.19 in EPEL 5 is affected or not.
Created moodle tracking bugs for this issue:
Affects: fedora-all [bug 1055388]
Affects: epel-all [bug 1055390]