{"api_version":"1","generated_at":"2026-04-23T00:40:14+00:00","cve":"CVE-2021-43559","urls":{"html":"https://cve.report/CVE-2021-43559","api":"https://cve.report/api/cve/CVE-2021-43559.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-43559","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-43559"},"summary":{"title":"CVE-2021-43559","description":"A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The \"delete related badge\" functionality did not include the necessary token check to prevent a CSRF risk.","state":"PUBLIC","assigner":"patrick@puiterwijk.org","published_at":"2021-11-22 16:15:00","updated_at":"2022-12-21 15:01:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://moodle.org/mod/forum/discuss.php?d=429099","name":"https://moodle.org/mod/forum/discuss.php?d=429099","refsource":"MISC","tags":[],"title":"Moodle.org: MSA-21-0041: CSRF risk on delete related badge feature","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021517","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2021517","refsource":"MISC","tags":[],"title":"2021517 – (CVE-2021-43559, MSA-21-0041) CVE-2021-43559 moodle: CSRF risk on delete related badge feature","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-43559","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43559","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"43559","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fedoraproject","cpe5":"extra_packages_for_enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43559","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43559","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fedoraproject","cpe5":"fedora_extra_packages_for_enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43559","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43559","vulnerable":"1","versionEndIncluding":"3.8.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-43559","ASSIGNER":"patrick@puiterwijk.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"moodle","version":{"version_data":[{"version_value":"moodle 3.11.4, moodle 3.10.8 and moodle 3.9.11"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-352"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2021517","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021517"},{"refsource":"MISC","name":"https://moodle.org/mod/forum/discuss.php?d=429099","url":"https://moodle.org/mod/forum/discuss.php?d=429099"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The \"delete related badge\" functionality did not include the necessary token check to prevent a CSRF risk."}]}},"nvd":{"publishedDate":"2021-11-22 16:15:00","lastModifiedDate":"2022-12-21 15:01:00","problem_types":["CWE-352"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11.0","versionEndExcluding":"3.11.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.0","versionEndExcluding":"3.10.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"43559","Ordinal":"220630","Title":"CVE-2021-43559","CVE":"CVE-2021-43559","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"43559","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}