AI Score
Confidence
High
EPSS
Percentile
70.3%
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651
www.openwall.com/lists/oss-security/2016/03/21/1
www.securitytracker.com/id/1035333
moodle.org/mod/forum/discuss.php?d=330181