CVE-2016-3734

Published on: 04/20/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:03 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Moodle from Moodle contain the following vulnerability:

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.

  • CVE-2016-3734 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.8 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
oss-security - Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14 Mailing List
Third Party Advisory
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160517 Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14
Official Moodle git projects - moodle.git/search Patch
git.moodle.org
text/xml
URL Logo CONFIRM git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 91281
1335933 – (CVE-2016-3729, CVE-2016-3731, CVE-2016-3732, CVE-2016-3733, CVE-2016-3734) CVE-2016-3729 CVE-2016-3731 CVE-2016-3732 CVE-2016-3733 CVE-2016-3734 moodle: Multiple vulnerabilities fixed in 3.0.4, 2.9.6, 2.8.12 and 2.7.14 Issue Tracking
Third Party Advisory
bugzilla.redhat.com
text/html
URL Logo CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1335933
Moodle Bugs Let Remote Users Access and Modify Data and Conduct Cross-Site Request Forgery Attacks - SecurityTracker Third Party Advisory
VDB Entry
www.securitytracker.com
text/html
URL Logo SECTRACK 1035902

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMoodleMoodle2.7.0AllAllAll
ApplicationMoodleMoodle2.7.0betaAllAll
ApplicationMoodleMoodle2.7.0rc1AllAll
ApplicationMoodleMoodle2.7.0rc2AllAll
ApplicationMoodleMoodle2.7.1AllAllAll
ApplicationMoodleMoodle2.7.10AllAllAll
ApplicationMoodleMoodle2.7.11AllAllAll
ApplicationMoodleMoodle2.7.12AllAllAll
ApplicationMoodleMoodle2.7.13AllAllAll
ApplicationMoodleMoodle2.7.2AllAllAll
ApplicationMoodleMoodle2.7.3AllAllAll
ApplicationMoodleMoodle2.7.4AllAllAll
ApplicationMoodleMoodle2.7.5AllAllAll
ApplicationMoodleMoodle2.7.6AllAllAll
ApplicationMoodleMoodle2.7.7AllAllAll
ApplicationMoodleMoodle2.7.8AllAllAll
ApplicationMoodleMoodle2.7.9AllAllAll
ApplicationMoodleMoodle2.8.0AllAllAll
ApplicationMoodleMoodle2.8.1AllAllAll
ApplicationMoodleMoodle2.8.10AllAllAll
ApplicationMoodleMoodle2.8.11AllAllAll
ApplicationMoodleMoodle2.8.2AllAllAll
ApplicationMoodleMoodle2.8.3AllAllAll
ApplicationMoodleMoodle2.8.4AllAllAll
ApplicationMoodleMoodle2.8.5AllAllAll
ApplicationMoodleMoodle2.8.6AllAllAll
ApplicationMoodleMoodle2.8.7AllAllAll
ApplicationMoodleMoodle2.8.8AllAllAll
ApplicationMoodleMoodle2.8.9AllAllAll
ApplicationMoodleMoodle2.9.0AllAllAll
ApplicationMoodleMoodle2.9.1AllAllAll
ApplicationMoodleMoodle2.9.2AllAllAll
ApplicationMoodleMoodle2.9.3AllAllAll
ApplicationMoodleMoodle2.9.4AllAllAll
ApplicationMoodleMoodle2.9.5AllAllAll
ApplicationMoodleMoodle3.0.0AllAllAll
ApplicationMoodleMoodle3.0.0betaAllAll
ApplicationMoodleMoodle3.0.0rc1AllAll
ApplicationMoodleMoodle3.0.0rc2AllAll
ApplicationMoodleMoodle3.0.0rc3AllAll
ApplicationMoodleMoodle3.0.0rc4AllAll
ApplicationMoodleMoodle3.0.1AllAllAll
ApplicationMoodleMoodle3.0.2AllAllAll
ApplicationMoodleMoodle3.0.3AllAllAll
ApplicationMoodleMoodle2.7.0AllAllAll
ApplicationMoodleMoodle2.7.0betaAllAll
ApplicationMoodleMoodle2.7.0rc1AllAll
ApplicationMoodleMoodle2.7.0rc2AllAll
ApplicationMoodleMoodle2.7.1AllAllAll
ApplicationMoodleMoodle2.7.10AllAllAll
ApplicationMoodleMoodle2.7.11AllAllAll
ApplicationMoodleMoodle2.7.12AllAllAll
ApplicationMoodleMoodle2.7.13AllAllAll
ApplicationMoodleMoodle2.7.2AllAllAll
ApplicationMoodleMoodle2.7.3AllAllAll
ApplicationMoodleMoodle2.7.4AllAllAll
ApplicationMoodleMoodle2.7.5AllAllAll
ApplicationMoodleMoodle2.7.6AllAllAll
ApplicationMoodleMoodle2.7.7AllAllAll
ApplicationMoodleMoodle2.7.8AllAllAll
ApplicationMoodleMoodle2.7.9AllAllAll
ApplicationMoodleMoodle2.8.0AllAllAll
ApplicationMoodleMoodle2.8.1AllAllAll
ApplicationMoodleMoodle2.8.10AllAllAll
ApplicationMoodleMoodle2.8.11AllAllAll
ApplicationMoodleMoodle2.8.2AllAllAll
ApplicationMoodleMoodle2.8.3AllAllAll
ApplicationMoodleMoodle2.8.4AllAllAll
ApplicationMoodleMoodle2.8.5AllAllAll
ApplicationMoodleMoodle2.8.6AllAllAll
ApplicationMoodleMoodle2.8.7AllAllAll
ApplicationMoodleMoodle2.8.8AllAllAll
ApplicationMoodleMoodle2.8.9AllAllAll
ApplicationMoodleMoodle2.9.0AllAllAll
ApplicationMoodleMoodle2.9.1AllAllAll
ApplicationMoodleMoodle2.9.2AllAllAll
ApplicationMoodleMoodle2.9.3AllAllAll
ApplicationMoodleMoodle2.9.4AllAllAll
ApplicationMoodleMoodle2.9.5AllAllAll
ApplicationMoodleMoodle3.0.0AllAllAll
ApplicationMoodleMoodle3.0.0betaAllAll
ApplicationMoodleMoodle3.0.0rc1AllAll
ApplicationMoodleMoodle3.0.0rc2AllAll
ApplicationMoodleMoodle3.0.0rc3AllAll
ApplicationMoodleMoodle3.0.0rc4AllAll
ApplicationMoodleMoodle3.0.1AllAllAll
ApplicationMoodleMoodle3.0.2AllAllAll
ApplicationMoodleMoodle3.0.3AllAllAll
  • cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:beta:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:beta:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:rc4:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:beta:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:beta:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:rc2:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.0:rc4:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*: