BIT-moodle-2023-35133
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2023-35133.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-moodle-2023-35133
- Aliases
- Published
- 2024-03-06T10:58:57.190Z
- Modified
- 2024-04-20T07:49:38.167Z
- Summary
- [none]
- Details
-
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
- Database specific
{ "cpes": [ "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*" ], "severity": "High" }- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
- https://moodle.org/mod/forum/discuss.php?d=447831
- https://bugzilla.redhat.com/show_bug.cgi?id=2214373
Affected packages
Bitnami / moodle
Package
- Name
- moodle
- Purl
- pkg:bitnami/moodle
Severity
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator