Candidate: CVE-2016-3734
PublicDate: 2017-04-20 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3734
Description:
 Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle
 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through
 2.7.13 and earlier allows remote attackers to hijack the authentication of
 users for requests that marks forum posts as read.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
upstream_moodle: released (2.7.14+dfsg-1)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (3.0.3+dfsg-0ubuntu1)
yakkety_moodle: not-affected
zesty_moodle: not-affected
artful_moodle: not-affected
bionic_moodle: not-affected
cosmic_moodle: not-affected
disco_moodle: not-affected
devel_moodle: not-affected