CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

AI Score
Confidence: Low

EPSS
Percentile: 69.7%

Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
openwall.com/lists/oss-security/2015/07/13/2
github.com/advisories/GHSA-2hw2-h3mf-c2j9
github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2
github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5
github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f
github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174
moodle.org/mod/forum/discuss.php?d=316662
nvd.nist.gov/vuln/detail/CVE-2015-3272
web.archive.org/web/20150924032214/www.securitytracker.com/id/1032877