QwikSec

Security Database

CVE

CWE

Training

CVE-2022-45149

Published: Nov 23, 2022

Modified: Apr 25, 2025

PUBLISHED

Description

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

Vendor	Product	Versions
n/a	Moodle	affected `Fixed in moodle 4.0.5, moodle 3.11.11, moodle 3.9.18`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2142772

https://moodle.org/mod/forum/discuss.php?d=440769

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862

FEDORA-2022-f7fdcb1820

vendor-advisory

FEDORA-2022-cb7084ae1c

vendor-advisory

FEDORA-2022-74a9c8e95f

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.