What is CVE-2015-5338?

CVE-2015-5338 is a high-severity vulnerability in Moodle, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2016-02-22.

How severe is CVE-2015-5338?

High severity. CVSS v3 base score is 8.8 out of 10.

CSRF in Moodle

CVE-2015-5338

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary user…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (30.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Moodle — versions 2.7.0, 2.7.1, 2.7.2
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2015-5338?: CVE-2015-5338 is a high-severity vulnerability in Moodle, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2016-02-22.
How severe is CVE-2015-5338?: High severity. CVSS v3 base score is 8.8 out of 10.