Candidate: CVE-2010-2231
PublicDate: 2010-06-28 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2231
Description:
 Cross-site request forgery (CSRF) vulnerability in
 report/overview/report.php in the quiz module in Moodle before 1.8.13 and
 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of
 arbitrary users for requests that delete quiz attempts via the attemptid
 parameter.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=605809
 http://tracker.moodle.org/browse/MDL-21688
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586280
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (1.9.9)
dapper_moodle: not-affected
hardy_moodle: ignored (reached end-of-life)
jaunty_moodle: ignored (reached end-of-life)
karmic_moodle: ignored (reached end-of-life)
lucid_moodle: ignored (reached end-of-life)
maverick_moodle: ignored (reached end-of-life)
natty_moodle: not-affected (1.9.9.dfsg2-2)
oneiric_moodle: not-affected (1.9.9.dfsg2-2)
precise_moodle: not-affected (1.9.9.dfsg2-2)
quantal_moodle: not-affected (1.9.9.dfsg2-2)
raring_moodle: not-affected (1.9.9.dfsg2-2)
saucy_moodle: not-affected (1.9.9.dfsg2-2)
devel_moodle: not-affected (1.9.9.dfsg2-2)