SSRF Vulnerability in Moodle by Moodle
CVE-2023-35133
What is CVE-2023-35133?
A flaw in the logic for validating the IP address 0.0.0.0 against the cURL blocked hosts lists presents an SSRF risk for various versions of Moodle. This issue may allow attackers to bypass security restrictions and make unauthorized requests to internal resources, potentially leading to information disclosure or further exploitation within the network. The impacted versions include Moodle 4.2, multiple 4.1 and 4.0 iterations, as well as 3.11 and 3.9 releases, along with earlier unsupported versions. Users are urged to apply necessary patches to mitigate the risk.
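An added example, not Moodle's code and not taken from the advisory: a blocked-hosts check in Python showing one way a gap around 0.0.0.0 can arise, with a check that consults only the configured list beside one that rejects unspecified and loopback addresses first. The list contents and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed blocked-hosts list (names, single IPs, CIDR ranges); not Moodle's defaults.
BLOCKED_HOSTS = ["localhost", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                 "192.168.0.0/16", "169.254.169.254", "::1"]

def _parse_ip(host):
    """Return an address object for a literal IP (brackets stripped), else None."""
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None

def _in_list(host, blocked):
    """True if host matches an entry by name, exact IP or CIDR membership."""
    addr = _parse_ip(host)
    for entry in blocked:
        if addr is None:
            if entry.lower() == host.lower().rstrip("."):
                return True
            continue
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # entry is a hostname; it cannot match a literal IP
    return False

def list_only_is_blocked(host, blocked=BLOCKED_HOSTS):
    """Weak form: trusts the list alone, so 0.0.0.0 passes unless someone listed it."""
    return _in_list(host, blocked)

def hardened_is_blocked(host, blocked=BLOCKED_HOSTS):
    """Reject unspecified and loopback addresses before consulting the list."""
    addr = _parse_ip(host)
    if addr is not None:
        # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address it carries.
        mapped = getattr(addr, "ipv4_mapped", None)
        if mapped is not None:
            addr, host = mapped, str(mapped)
        if addr.is_unspecified or addr.is_loopback:
            return True
    return _in_list(host, blocked)

if __name__ == "__main__":
    for h in ["127.0.0.1", "0.0.0.0", "::", "::ffff:0.0.0.0", "93.184.216.34"]:
        print(f"{h:16} list_only={list_only_is_blocked(h)} hardened={hardened_is_blocked(h)}")
```

Both functions judge only the literal host string; a hostname still has to be resolved and the resolved address put through the same check.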

Affected Version(s)
Moodle 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions