Lucene search

RedhatCVELIST:CVE-2020-1755

HistoryAug 16, 2022 - 7:29 p.m.

CVE-2020-1755

2022-08-1619:29:48

CWE-345

redhat

www.cve.org

moodle

security issue

x-forwarded-for

ip spoofing

remote address checks

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

31.3%

JSON

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user’s IP, in order to bypass remote address checks.

CNA Affected

[
  {
    "product": "Moodle",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "3.8 to 3.8.1, 3.7 to 3.7.4, 3.6 to 3.6.8, 3.5 to 3.5.10 and earlier unsupported versions"
      }
    ]
  }
]

References

moodle.org/mod/forum/discuss.php?d=398351