Miggo Logo

CVE-2022-0335: Cross Site Request Forgery in Moodle

8.8

CVSS Score
3.1

Basic Information

EPSS Score
0.39231%
Published
1/28/2022
Updated
9/13/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer>= 3.11, < 3.11.53.11.5
moodle/moodlecomposer>= 3.10, < 3.10.83.10.8
moodle/moodlecomposer>= 3.9, < 3.9.113.9.11

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from missing CSRF protection in the badge alignment deletion endpoint. The patch adds 'require_sesskey()' in alignment_action.php's removal handler and includes sesskey in the delete link generation in renderer.php. The core issue was the absence of a token check in the alignment deletion logic, which is implemented in the main procedural flow of alignment_action.php (not a named function). The high confidence comes from the explicit addition of sesskey checks in the commit diff for these specific code paths.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in Moo*l* in v*rsions *.** to *.**.*, *.** to *.**.*, *.* to *.*.** *n* **rli*r unsupport** v*rsions. T** "**l*t* ***** *li*nm*nt" *un*tion*lity *i* not in*lu** t** n***ss*ry tok*n ****k to pr*v*nt * *SR* risk.

Reasoning

T** vuln*r**ility st*ms *rom missin* *SR* prot**tion in t** ***** *li*nm*nt **l*tion *n*point. T** p*t** ***s 'r*quir*_s*ssk*y()' in *li*nm*nt_**tion.p*p's r*mov*l **n*l*r *n* in*lu**s s*ssk*y in t** **l*t* link **n*r*tion in r*n**r*r.p*p. T** *or* i