Denial-of-Service Vulnerability in Moodle from Moodle HQ
CVE-2021-32476
7.5 HIGH
What is CVE-2021-32476?
A vulnerability exists in the draft files area of Moodle, which fails to enforce user file upload limits. This oversight may enable an attacker to exploit the system by overwhelming it with excessive file uploads, potentially leading to service disruptions. The affected versions include Moodle 3.10 (up to 3.10.3), 3.9 (up to 3.9.6), 3.8 (up to 3.8.8), 3.5 (up to 3.5.17), as well as earlier unsupported versions. Users are advised to review their security configurations and update to the patched versions to mitigate this vulnerability.
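A detection-side check for the condition described above, as an added example that is not part of the original advisory or of Moodle's own code: it sums each user's draft-area storage from Moodle's files table (default `mdl_` prefix assumed) and reports users above a threshold. The 500 MiB threshold, the in-memory SQLite stand-in for the Moodle database and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Assumed alert threshold per user; tune to the site's normal upload sizes.
DRAFT_BYTES_THRESHOLD = 500 * 1024 * 1024

# Draft uploads are stored with component 'user' and filearea 'draft'.
DRAFT_USAGE_SQL = """
SELECT userid,
       COUNT(*)               AS file_count,
       COUNT(DISTINCT itemid) AS draft_areas,
       SUM(filesize)          AS total_bytes
FROM mdl_files
WHERE component = 'user'
  AND filearea  = 'draft'
  AND filename <> '.'         -- skip directory placeholder rows
GROUP BY userid
HAVING SUM(filesize) > ?
ORDER BY total_bytes DESC
"""

def heavy_draft_users(conn, threshold=DRAFT_BYTES_THRESHOLD):
    """Return (userid, file_count, draft_areas, total_bytes) above threshold."""
    return conn.execute(DRAFT_USAGE_SQL, (threshold,)).fetchall()

def build_sample_db():
    """Constructed sample data: a subset of the files table's columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE mdl_files (userid INTEGER, component TEXT, "
        "filearea TEXT, itemid INTEGER, filename TEXT, filesize INTEGER)"
    )
    mib = 1024 * 1024
    rows = []
    # User 7: 40 draft areas, each holding one 20 MiB file (800 MiB total).
    for itemid in range(1000, 1040):
        rows.append((7, "user", "draft", itemid, ".", 0))
        rows.append((7, "user", "draft", itemid, f"blob{itemid}.bin", 20 * mib))
    # User 12: ordinary usage, two 5 MiB files in one draft area.
    rows.append((12, "user", "draft", 900, ".", 0))
    rows.append((12, "user", "draft", 900, "essay.pdf", 5 * mib))
    rows.append((12, "user", "draft", 900, "notes.pdf", 5 * mib))
    # Non-draft storage must not be counted.
    rows.append((7, "user", "private", 0, "archive.zip", 1024 * mib))
    conn.executemany("INSERT INTO mdl_files VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn

if __name__ == "__main__":
    for row in heavy_draft_users(build_sample_db()):
        print(row)
```

On a live site the same SELECT can be run directly against the Moodle database from a read-only account.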
Affected Version(s)
Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17