Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50784

Any external function that is exposed to ajax could be vulnerable to CSRF

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.9.1, 3.0
    • 2.9.2
    • JavaScript
    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_29_STABLE
    • Hide

      Use the template library - make sure it still functions.

      While you are using the template library - in another tab log out and log in.

      Verify the template library starts throwing exceptions.

      Show
      Use the template library - make sure it still functions. While you are using the template library - in another tab log out and log in. Verify the template library starts throwing exceptions.

    Description

      Because the JSON request could be spoofed from any page - we need to always check the session key for any function which is returning privileged data, or changing any state.

      We can add this by including the sesskey in every request from the ajax amd module, and checking it in lib/ajax/service.php.

      The impact of this bug is very low at the moment, only because we do not expose any dangerous functions to AJAX yet. So we should fix it ASAP.

      Attachments

        Issue Links

          Activity

            People

              damyon Damyon Wiese
              damyon Damyon Wiese
              Petr Skoda Petr Skoda
              Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
              Adrian Greeve Adrian Greeve
              David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                14/Sep/15