GitHub Advisory Database: GHSA-H798-H7FF-93XV
May 13, 2022 - 1:12 a.m.

Moodle Arbitrary Redirect

2022-05-13 01:12:46
CWE-601
GitHub Advisory Database
github.com
moodle
open redirect
vulnerabilities
remote attackers
phishing
http referer

CVSS2: 5.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.003
Percentile: 71.8%

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.

Affected configurations

Vulners
Node
moodle moodle, Range 2.8.0 - 2.8.6
OR
moodle moodle, Range 2.7.0 - 2.7.8
OR
moodle moodle, Range 2.6.0 - 2.6.11
OR
moodle moodle, Range 2.5.9

Vendor | Product | Version | CPE
moodle | moodle | * | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
