FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

moodle -- Login CSRF vulnerability

Affected packages
moodle31 < 3.1.15
moodle33 < 3.3.9
moodle34 < 3.4.6
moodle35 < 3.5.3

Details

VuXML ID 889e35f4-f6a0-11e8-82dc-fcaa147e860e
Discovery 2018-11-06
Entry 2018-12-03

moodle reports:

The login form is not protected by a token to prevent login cross-site request forgery.

References

CVE Name CVE-2018-16854
URL https://moodle.org/mod/forum/discuss.php?d=378731