{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-29T18:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "1031215", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031215"}, {"name": "[oss-security] 20141117 Moodle security issues are now public", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/11/17/11"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://moodle.org/mod/forum/discuss.php?d=275164"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-7838", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1031215", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031215"}, {"name": "[oss-security] 20141117 Moodle security issues are now public", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/11/17/11"}, {"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019", "refsource": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019"}, {"name": "https://moodle.org/mod/forum/discuss.php?d=275164", "refsource": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=275164"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:03:27.320Z"}, "title": "CVE Program Container", "references": [{"name": "1031215", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031215"}, {"name": "[oss-security] 20141117 Moodle security issues are now public", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/11/17/11"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=275164"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-7838", "datePublished": "2014-11-24T11:00:00", "dateReserved": "2014-10-03T00:00:00", "dateUpdated": "2024-08-06T13:03:27.320Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "54F15A46-7242-4EAE-986E-9A7DBE7724ED", "versionEndIncluding": "2.4.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF03304-032C-4E85-A802-7CDAC89216FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "311BEFF3-A58A-4CA8-BE09-F8D081EA13A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7D2A1F8-82FF-4C1A-A872-71D93874EEAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "86E79BB0-6017-441C-9B10-00E55FDF0986", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA845882-C0F4-4522-94B2-9AA21A08887A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "48F341A8-0AC8-4033-8C99-0249B7289F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "4CE1A520-762B-4A35-8075-ED4ECA0A1CB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "9803CBE2-80A6-47EB-A782-CC8F1E66FBD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "05112EC5-3AAA-499B-8763-345187529C09", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "71407960-077B-4407-B249-789436687D91", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "72728F94-D408-4CAD-A214-800B1D1C7971", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "33C1E9B5-6B2B-4230-92F2-EC0FB307ECF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "6925A366-37EB-41ED-85C8-B56D6A93D4EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "A6400F9D-9654-444F-9EBB-0F73025AD744", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E051AAC-EB40-491F-AF0E-EE8143C12567", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "FADBE87F-1855-453B-B958-0CB8A7908A06", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B53A7D2-BDA2-4185-97C3-977A04876A37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en el m\u00f3dulo Forum en Moodle hasta 2.4.11, 2.5.x anterior a 2.5.9, 2.6.x anterior a 2.6.6, y 2.7.x anterior a 2.7.3 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que fijan una preferencia de seguimiento dentro de (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, o (4) mod/forum/lib.php."}], "id": "CVE-2014-7838", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-24T11:59:08.917", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2014/11/17/11"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1031215"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=275164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/11/17/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031215"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=275164"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}