GitHub Advisory DatabaseGHSA-HXMP-8F47-X9FCMoodle Open Redirect Via Error Messages
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.0%
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via error message links that lead offsite.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 2.1.1 | |
| moodle/moodle | lt | 2.0.4 | |
| moodle/moodle | lt | 1.9.13 |
References
git.moodle.org/gw?p=moodle.git;a=commit;h=8f9f666c902cb30ef6f519353f38c45a29fdf4a6
moodle.org/mod/forum/discuss.php?d=182737
openwall.com/lists/oss-security/2011/11/14/1
github.com/advisories/GHSA-hxmp-8f47-x9fc
github.com/moodle/moodle/commit/18c2fcf8f19e00f0e89421d8fd8b7486a6dc6f79
github.com/moodle/moodle/commit/417fdfab6bbdcfc3f5b64704ec06912ae9cd1050
github.com/moodle/moodle/commit/8f9f666c902cb30ef6f519353f38c45a29fdf4a6
nvd.nist.gov/vuln/detail/CVE-2011-4294
Related
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.0%