Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-243v-5pff-qqfj

Опубликовано: 26 июл. 2022
Источник: github
Github: Прошло ревью
CVSS3: 6.1

Описание

Moodle Open redirect risk in mobile auto-login feature

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Ссылки

Пакеты

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

>= 4.0, < 4.0.2

4.0.2

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

>= 3.11, < 3.11.8

3.11.8

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

>= 3.9, < 3.9.15

3.9.15

EPSS

Процентиль: 52%
0.00289
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2022-35652

Дефекты

CWE-601

Связанные уязвимости

ubuntu логотип

CVE-2022-35652

CVSS3: 6.1
ubuntu
почти 3 года назад

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

nvd логотип

CVE-2022-35652

CVSS3: 6.1
nvd
почти 3 года назад

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

debian логотип

CVE-2022-35652

CVSS3: 6.1
debian
почти 3 года назад

An open redirect issue was found in Moodle due to improper sanitizatio ...

fstec логотип

BDU:2022-04907

CVSS3: 4.7
fstec
почти 3 года назад

Уязвимость реализации функции автоматического входа в систему с мобильных устройств виртуальной обучающей среды Moodle, позволяющая нарушителю провести фишинговую атаку и раскрыть защищаемую информацию

redos логотип

ROS-20221013-02

CVSS3: 9.8
redos
больше 2 лет назад

Множественные уязвимости Moodle

EPSS

Процентиль: 52%
0.00289
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2022-35652

Дефекты

CWE-601