Description
Moodle vulnerable to Server Side Request Forgery
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-35133
- https://bugzilla.redhat.com/show_bug.cgi?id=2214373
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT
- https://moodle.org/mod/forum/discuss.php?d=447831
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78215
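Packages
- moodle/moodle: affected = 4.2.0; patched 4.2.1
- moodle/moodle: affected >= 4.1.0, < 4.1.4; patched 4.1.4
- moodle/moodle: affected >= 4.0.0, < 4.0.9; patched 4.0.9
- moodle/moodle: affected >= 3.10.0, < 3.11.15; patched 3.11.15
- moodle/moodle: affected < 3.9.22; patched 3.9.22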