Lucene search
HistoryMar 06, 2023 - 9:15 p.m.
CVE-2021-36396
moodle
ssrf risk
curl restrictions
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
32.6%
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
Affected configurations
Node
moodlemoodleRange<3.9.8
ORmoodlemoodleRange3.10.0–3.10.5
ORmoodlemoodleRange3.11.0–3.11.1
Related
cvelist
cvelist
CVE-2021-36396
2023-03-06 00:00:00
osv
osv
CVE-2021-36396
2023-03-06 21:15:10
Moodle vulnerable to Server-Side Request Forgery
2023-03-06 21:30:18
BIT-moodle-2021-36396
2024-03-06 11:09:18
ubuntucve
ubuntucve
CVE-2021-36396
2023-03-06 00:00:00
github
github
Moodle vulnerable to Server-Side Request Forgery
2023-03-06 21:30:18
veracode
veracode
Server-side Request Forgery (SSRF)
2023-03-14 02:15:27
prion
prion
Server side request forgery (ssrf)
2023-03-06 21:15:00
cve
cve
CVE-2021-36396
2023-03-06 21:15:10
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Moodle
2023-11-04 11:45:55
Exploit for SQL Injection in Moodle
2023-11-04 11:45:55
openvas
openvas
Moodle < 3.9.8, 3.10.x < 3.10.5, 3.11.x < 3.11.1 Multiple Vulnerabilities
2023-03-07 00:00:00
nessus
nessus
Moodle 3.11.x < 3.11.1 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.10.x < 3.10.5 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.9.x < 3.9.8 Multiple Vulnerabilities
2023-02-20 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
32.6%
Related for NVD:CVE-2021-36396