Vulnerability Description
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | <= 3.8.8 |
| Fedoraproject | Extra Packages For Enterprise Linux | 7.0 |
| Fedoraproject | Fedora | 35 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2021517Issue TrackingThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=429099PatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2021517Issue TrackingThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=429099PatchVendor Advisory
FAQ
What is CVE-2021-43559?
CVE-2021-43559 is a vulnerability with a CVSS score of 8.8 (HIGH). A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token chec...
How severe is CVE-2021-43559?
CVE-2021-43559 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43559?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Extra Packages For Enterprise Linux, Fedoraproject Fedora.