Lucene search

[email protected]NVD:CVE-2023-35133

HistoryJun 22, 2023 - 9:15 p.m.

CVE-2023-35133

2023-06-2221:15:09

CWE-918

[email protected]

web.nvd.nist.gov

curl

ssrf risk

moodle

logic flaw

version vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

40.5%

JSON

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Affected configurations

Nvd

Node

moodlemoodleRange<3.9.22

moodlemoodleRange3.11.0–3.11.15

moodlemoodleRange4.0.0–4.0.9

moodlemoodleRange4.1.0–4.1.4

moodlemoodleMatch4.2.0

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
moodlemoodle4.2.0cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::
moodle	moodle	4.2.0	cpe:2.3:a:moodle:moodle:4.2.0:::::::*

References

bugzilla.redhat.com/show_bug.cgi?id=2214373

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/

moodle.org/mod/forum/discuss.php?d=447831

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

40.5%

JSON

Related for NVD:CVE-2023-35133

prion1 cve1 veracode1 osv3 ubuntucve1 cvelist1 github1 vulnrichment1 openvas3 fedora2 redos1 nessus2