Lucene search

K

GoogleOSV:GHSA-H798-H7FF-93XV

HistoryMay 13, 2022 - 1:12 a.m.

Moodle Arbitrary Redirect

2022-05-1301:12:46

Google

osv.dev

10

moodle

open redirect

vulnerability

remote attack

phishing

EPSS

0.003

Percentile

71.8%

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179

openwall.com/lists/oss-security/2015/05/18/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a

github.com/moodle/moodle/commit/db200a8e9f88c8c4a2141ac264062dca74ee2f29

github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8

moodle.org/mod/forum/discuss.php?d=313682

nvd.nist.gov/vuln/detail/CVE-2015-3175

web.archive.org/web/20201030042703/www.securitytracker.com/id/1032358

web.archive.org/web/20210122155902/www.securityfocus.com/bid/74720

EPSS

0.003

Percentile

71.8%

Related for OSV:GHSA-H798-H7FF-93XV

github1 nvd1 veracode1 prion1 ubuntucve1 cvelist1 cve1 openvas3 nessus5 mageia1 fedora3