Veracode Vulnerability DatabaseVERACODE:41066Server-side Request Forgery (SSRF)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
40.5%
moodle/moodle is vulnerable to Server-side Request Forgery (SSRF). The vulnerability exists because it does not properly define the subnet which allows an attacker to bypass SSRF validation.
References
bugzilla.redhat.com/show_bug.cgi?id=2214373
git.moodle.org/gw?p=moodle.git;a=commitdiff;h=429c403c3fdcd3968a061707c348a59be4ead415
github.com/moodle/moodle/commit/41afb596e6f157f3163a0124e993d160a3a8447d
github.com/moodle/moodle/commit/69596a6bb22678c8994817f8cf4a0a3bb78355c9
github.com/moodle/moodle/commit/6ae19a6c9a323b71152ee006a3a7f56beb90fce1
github.com/moodle/moodle/commit/8e5a14947d2e7d8234a272d4ac9d9caa7284ff09
github.com/moodle/moodle/commit/a801a741b99e795c2ef7721407bbff185799b58b
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
lists.fedoraproject.org/archives/list/[email protected]/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
lists.fedoraproject.org/archives/list/[email protected]/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
moodle.org/mod/forum/discuss.php?d=447831
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
40.5%