CVE-2019-3809

Published: Mar 25, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

6.5

MEDIUM

Description

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.

Vendor	Product	Versions
[UNKNOWN]	moodle	affected `3.1.16`

Weaknesses (CWE)

CWE-352

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809

x_refsource_CONFIRM

https://moodle.org/mod/forum/discuss.php?d=381229#p1536766

x_refsource_CONFIRM

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-3809

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References