Lucene search

K

GoogleOSV:GHSA-2HW2-H3MF-C2J9

HistoryMay 13, 2022 - 1:12 a.m.

Moodle open redirect vulnerability

2022-05-1301:12:46

Google

osv.dev

8

moodle

clean_param function

open redirect

vulnerability

remote attackers

phishing

http referer header

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

69.7%

Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688

openwall.com/lists/oss-security/2015/07/13/2

github.com/moodle/moodle

github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2

github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5

github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f

github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174

moodle.org/mod/forum/discuss.php?d=316662

nvd.nist.gov/vuln/detail/CVE-2015-3272

web.archive.org/web/20150924032214/www.securitytracker.com/id/1032877

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

69.7%

Related for OSV:GHSA-2HW2-H3MF-C2J9

veracode1 cvelist1 github1 prion1 ubuntucve1 nvd1 cve1 mageia1 openvas3 nessus5 freebsd1 fedora3