Moderate severity · NVD Advisory · Published Nov 23, 2022 · Updated Apr 25, 2025
CVE-2022-45149
Description
A vulnerability was found in Moodle that exists due to insufficient validation of the HTTP request origin in the course redirect URL. A user's CSRF token was unnecessarily included in the URL when they were redirected to a course they had just restored. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| moodle/moodle (Packagist) | >= 3.9.0, < 3.9.18 | 3.9.18 |
| moodle/moodle (Packagist) | >= 3.11.0, < 3.11.11 | 3.11.11 |
| moodle/moodle (Packagist) | >= 4.0.0, < 4.0.5 | 4.0.5 |
References
- github.com/advisories/GHSA-8v23-w4w5-w83c (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/ (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-45149 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB (ghsa, WEB)
- moodle.org/mod/forum/discuss.php (ghsa, WEB)