The vulnerability stems from the pre-patch logout handling logic, which directly accepted GET parameters to trigger a logout. The diff shows that the patch added: 1) an is_enabled_auth('shibboleth') check, 2) verification of $USER->auth, and 3) proper parameter sanitization via optional_param(). The vulnerable versions lacked these protections, so a CSRF attack could trigger an unauthorized logout by abusing the unauthenticated logout endpoint.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | < 2.6.7 | 2.6.7 |
| moodle/moodle | composer | >= 2.7.0, < 2.7.4 | 2.7.4 |
| moodle/moodle | composer | >= 2.8.0, < 2.8.2 | 2.8.2 |
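As an added illustration (not Moodle's own code and not the actual patch), the shape of the pre-patch handler beside one carrying the three checks the description lists; the parameter name `action`, the config array and the stand-in helper bodies are assumptions so the file runs on its own.

```php
<?php
// Added illustration of the three checks the advisory describes; this is not
// Moodle's code. The helpers below are constructed stand-ins for the real
// Moodle functions named in the advisory so the file runs by itself.
const PARAM_ALPHA = 'alpha';
$CFG_enabled_auth = ['manual', 'shibboleth'];          // constructed site config
$USER = (object) ['id' => 7, 'auth' => 'shibboleth'];  // constructed session user

function is_enabled_auth(string $plugin): bool {       // stand-in helper
    global $CFG_enabled_auth;
    return in_array($plugin, $CFG_enabled_auth, true);
}

// Stand-in for optional_param(): missing -> default, present -> cleaned to type.
function optional_param(string $name, $default, string $type, array $request) {
    if (!array_key_exists($name, $request)) {
        return $default;
    }
    return $type === PARAM_ALPHA ? preg_replace('/[^A-Za-z]/', '', $request[$name]) : $default;
}

// Pre-patch shape: the request parameter alone decides, regardless of which
// auth plugin issued the session ('action' is a placeholder parameter name).
function logout_unguarded(array $request): string {
    if (($request['action'] ?? '') === 'logout') {
        return 'logout';
    }
    return 'ignore';
}

// Post-patch shape: the plugin must be enabled, the session must actually
// belong to that plugin, and the parameter is read through optional_param().
function logout_guarded(array $request, object $user): string {
    if (!is_enabled_auth('shibboleth')) {
        return 'ignore: shibboleth not enabled';
    }
    if ($user->auth !== 'shibboleth') {
        return 'ignore: session not from shibboleth';
    }
    if (optional_param('action', '', PARAM_ALPHA, $request) === 'logout') {
        return 'logout';
    }
    return 'ignore';
}

// Constructed requests: the same forged request against a manual-auth user
// and against a Shibboleth user.
$forged = ['action' => 'logout'];
$manualUser = (object) ['id' => 8, 'auth' => 'manual'];
echo logout_unguarded($forged), "\n";
echo logout_guarded($forged, $manualUser), "\n";
echo logout_guarded($forged, $USER), "\n";
```

These checks narrow who the endpoint can act on; the forged request itself is normally stopped by a CSRF token (Moodle's sesskey), which the advisory text does not mention.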