Search for vulnerabilities
Vulnerability details: VCID-hz1u-sbcc-63fe
Vulnerability ID VCID-hz1u-sbcc-63fe
Aliases CVE-2021-43559
GHSA-3jrj-x6cj-97cp
Summary Moodle contains CSRF vulnerability A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2021-43559
epss 0.00173 https://api.first.org/data/v1/epss?cve=CVE-2021-43559
cvssv3.1 8.8 https://bugzilla.redhat.com/show_bug.cgi?id=2021517
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2021517
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-3jrj-x6cj-97cp
cvssv3.1 8.8 https://github.com/moodle/moodle/commit/20d41ebae4eb28269298504c68db511a05ec4969
generic_textual HIGH https://github.com/moodle/moodle/commit/20d41ebae4eb28269298504c68db511a05ec4969
cvssv3.1 8.8 https://moodle.org/mod/forum/discuss.php?d=429099
generic_textual HIGH https://moodle.org/mod/forum/discuss.php?d=429099
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43559
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43559
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2021-43559
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-43559
https://bugzilla.redhat.com/show_bug.cgi?id=2021517
https://github.com/moodle/moodle/commit/20d41ebae4eb28269298504c68db511a05ec4969
https://moodle.org/mod/forum/discuss.php?d=429099
https://nvd.nist.gov/vuln/detail/CVE-2021-43559
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
GHSA-3jrj-x6cj-97cp https://github.com/advisories/GHSA-3jrj-x6cj-97cp
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2021517
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/20d41ebae4eb28269298504c68db511a05ec4969
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://moodle.org/mod/forum/discuss.php?d=429099
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43559
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43559
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.39334
EPSS Score 0.00173
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:27:42.033290+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3jrj-x6cj-97cp/GHSA-3jrj-x6cj-97cp.json 36.1.3