============================================================================== MSA-22-0022: CSRF risk in enabling/disabling installed H5P libraries Description: Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. Issue summary: CSRF risk in enabling/disabling installed H5P libraries Severity/Risk: Minor Versions affected: 4.0 to 4.0.2 and 3.11 to 3.11.8 Versions fixed: 4.0.3 and 3.11.9 Reported by: Paul Holden Issue no.: MDL-75326 CVE identifier: Pending Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326 ==============================================================================
Created moodle tracking bugs for this issue: Affects: epel-all [bug 2122182] Affects: fedora-all [bug 2122181]
Issue is Public Now https://moodle.org/mod/forum/discuss.php?d=437685
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.