Candidate: CVE-2012-6103
PublicDate: 2013-01-27 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6103
 http://www.openwall.com/lists/oss-security/2013/01/21
 https://moodle.org/security/
Description:
 Multiple cross-site request forgery (CSRF) vulnerabilities in
 user/messageselect.php in the messaging system in Moodle 2.2.x before
 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to
 hijack the authentication of arbitrary users for requests that send course
 messages.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Andrew Nicols
Assigned-to:
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600
upstream_moodle: released (2.4.1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected (1.9.4.dfsg-0ubuntu4)
oneiric_moodle: not-affected (1.9.9.dfsg2-3)
precise_moodle: not-affected (1.9.9.dfsg2-6)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.2-1)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
devel_moodle: not-affected (2.5.4-1ubuntu1)