Candidate: CVE-2014-0010
PublicDate: 2014-01-20 15:14:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0010
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
 https://moodle.org/mod/forum/discuss.php?d=252416
 http://openwall.com/lists/oss-security/2014/01/20/1
Description:
 Multiple cross-site request forgery (CSRF) vulnerabilities in
 user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11,
 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow
 remote attackers to hijack the authentication of administrators for
 requests that delete (1) categories or (2) fields.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Jun Zhu
Assigned-to:
CVSS:

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
upstream_moodle: released (2.6.1, 2.5.4, 2.4.8, 2.3.11)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1])
utopic_moodle: not-affected (2.5.4-1)
vivid_moodle: not-affected (2.5.4-1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.4-1)
xenial_moodle: not-affected (2.5.4-1)
yakkety_moodle: not-affected (2.5.4-1)
zesty_moodle: not-affected (2.5.4-1)
devel_moodle: not-affected (2.5.4-1)