CVE-2012-6103

NameCVE-2012-6103
DescriptionMultiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs702387

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moodlesourcesqueeze(not affected)
moodlesourcewheezy2.2.3.dfsg-2.6~wheezy2
moodlesource(unstable)2.5-1low702387

Notes

[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
Search for package or bug name: Reporting problems