moodle/moodle is vulnerable to spoofing attacks. The vulnerability exists in the getremoteaddr function in moodlelib.php, allowing an attacker to spoof a user’s IP through the X-Forwarded-For headers, bypassing the remote address checks.
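The trust problem described above, shown as an added PHP example that is not Moodle's code or its fix: a resolver that believes X-Forwarded-For unconditionally, next to one that honours the header only when the socket peer is an allowlisted reverse proxy. The function names and the TRUSTED_PROXIES allowlist are hypothetical, client_ip_naive is a simplified stand-in rather than the real getremoteaddr, and the sample request is constructed.

```php
<?php
// Added example, not Moodle code. TRUSTED_PROXIES is a hypothetical allowlist
// of reverse proxies that are permitted to set X-Forwarded-For.
const TRUSTED_PROXIES = ['10.0.0.0/8', '192.0.2.10/32'];
// True if $ip lies inside $cidr (IPv4 or IPv6).
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipbin = @inet_pton($ip);
    $netbin = @inet_pton($net);
    if ($ipbin === false || $netbin === false || strlen($ipbin) !== strlen($netbin)) {
        return false; // unparsable, or address families differ
    }
    $max = strlen($ipbin) * 8;
    $bits = $bits === null ? $max : max(0, min($max, (int)$bits));
    $bytes = intdiv($bits, 8);
    if (strncmp($ipbin, $netbin, $bytes) !== 0) return false;
    if ($bits % 8 === 0) return true;
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF;
    return (ord($ipbin[$bytes]) & $mask) === (ord($netbin[$bytes]) & $mask);
}
function is_trusted_proxy(string $ip): bool {
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ip_in_cidr($ip, $cidr)) return true;
    }
    return false;
}
// Weak pattern: the header is client-controlled, yet it wins over the socket peer.
function client_ip_naive(array $server): string {
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    return $xff !== '' ? trim(explode(',', $xff)[0]) : $server['REMOTE_ADDR'];
}

// Hardened: honour the header only when the peer is a trusted proxy, then walk
// the chain right to left and return the first hop that is not a trusted proxy.
function client_ip_hardened(array $server): string {
    $peer = $server['REMOTE_ADDR'];
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !is_trusted_proxy($peer)) return $peer;
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) return $peer; // malformed entry
        if (!is_trusted_proxy($hop)) return $hop;
    }
    return $peer; // every hop was a trusted proxy
}

// Constructed request: a direct client that supplies its own header value.
$direct = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.99'];
echo client_ip_naive($direct), "\n";
echo client_ip_hardened($direct), "\n";
```

Any IP-based check (allowlists, rate limits, audit logging) should consume the hardened result, and the edge proxy should overwrite or append to the incoming header rather than pass a client-supplied value through untouched.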
github.com/advisories/GHSA-4265-mh49-263h
github.com/moodle/moodle/commit/4a3a673d1ee03f243947e8dfd8e747e713e63350
github.com/moodle/moodle/commit/52d5599ff26b4ceec69e8777c5d96d382e31badd
github.com/moodle/moodle/commit/67c44ebd2e8555a0d6e1a8affa7226c0b45aa171
github.com/moodle/moodle/commit/d4034165792b4f13d986a3d4525d42e5660271a8
moodle.org/mod/forum/discuss.php?d=398351