Lucene search
GoogleOSV:GHSA-4RMJ-W58M-FVCHHistoryMar 06, 2023 - 9:30 p.m.
Moodle vulnerable to Server-Side Request Forgery
2023-03-0621:30:18
Google
osv.dev
6
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
27.8%
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
Related
cvelist
cvelist
CVE-2021-36396
2023-03-06 00:00:00
osv
osv
CVE-2021-36396
2023-03-06 21:15:10
BIT-moodle-2021-36396
2024-03-06 11:09:18
ubuntucve
ubuntucve
CVE-2021-36396
2023-03-06 00:00:00
veracode
veracode
Server-side Request Forgery (SSRF)
2023-03-14 02:15:27
github
github
Moodle vulnerable to Server-Side Request Forgery
2023-03-06 21:30:18
nvd
nvd
CVE-2021-36396
2023-03-06 21:15:10
prion
prion
Server side request forgery (ssrf)
2023-03-06 21:15:00
cve
cve
CVE-2021-36396
2023-03-06 21:15:10
openvas
openvas
Moodle < 3.9.8, 3.10.x < 3.10.5, 3.11.x < 3.11.1 Multiple Vulnerabilities
2023-03-07 00:00:00
nessus
nessus
Moodle 3.10.x < 3.10.5 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.11.x < 3.11.1 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.9.x < 3.9.8 Multiple Vulnerabilities
2023-02-20 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
27.8%
Related for OSV:GHSA-4RMJ-W58M-FVCH