Lucene search
GoogleOSV:BIT-MOODLE-2021-36396HistoryMar 06, 2024 - 11:09 a.m.
BIT-moodle-2021-36396
2024-03-0611:09:18
Google
osv.dev
8
moodle
redirect handling
blind ssrf
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
32.6%
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
Related
cvelist
cvelist
CVE-2021-36396
2023-03-06 00:00:00
osv
osv
CVE-2021-36396
2023-03-06 21:15:10
Moodle vulnerable to Server-Side Request Forgery
2023-03-06 21:30:18
ubuntucve
ubuntucve
CVE-2021-36396
2023-03-06 00:00:00
nvd
nvd
CVE-2021-36396
2023-03-06 21:15:10
github
github
Moodle vulnerable to Server-Side Request Forgery
2023-03-06 21:30:18
veracode
veracode
Server-side Request Forgery (SSRF)
2023-03-14 02:15:27
prion
prion
Server side request forgery (ssrf)
2023-03-06 21:15:00
cve
cve
CVE-2021-36396
2023-03-06 21:15:10
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Moodle
2023-11-04 11:45:55
Exploit for SQL Injection in Moodle
2023-11-04 11:45:55
openvas
openvas
Moodle < 3.9.8, 3.10.x < 3.10.5, 3.11.x < 3.11.1 Multiple Vulnerabilities
2023-03-07 00:00:00
nessus
nessus
Moodle 3.11.x < 3.11.1 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.10.x < 3.10.5 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.9.x < 3.9.8 Multiple Vulnerabilities
2023-02-20 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
32.6%
Related for OSV:BIT-MOODLE-2021-36396