CVE-2019-3809

Опубликовано: 25 мар. 2019

Источник: nvd

CVSS3: 6.5

CVSS3: 10

CVSS2: 7.5

EPSS Низкий

Описание

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.

Ссылки

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809
Issue Tracking
Patch
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=381229#p1536766
Patch
Vendor Advisory
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809
Issue Tracking
Patch
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=381229#p1536766
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.1.0 (включая) до 3.1.15 (включая)

EPSS

Процентиль: 51%

0.00279

Низкий

6.5 Medium

CVSS3

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-352

CWE-918

Связанные уязвимости

CVE-2019-3809

CVSS3: 6.5

ubuntu

около 6 лет назад

CVE-2019-3809

CVSS3: 6.5

debian

около 6 лет назад

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsuppor ...

GHSA-jp4g-r8c9-3534

CVSS3: 10

github

около 3 лет назад

Moodle Blind SSRF Risk in /badges/mybackpack.php

EPSS

Процентиль: 51%

0.00279

Низкий

6.5 Medium

CVSS3

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-352

CWE-918