CVE-2023-35133

Published Jun 22, 2023

Last updated 7 months ago

CVSS high 7.5

Overview

Description: An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
Source: patrick@puiterwijk.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-918
patrick@puiterwijk.org: CWE-918

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B76C4747-9047-4FD2-AC44-4C14C3AD5DFB",
            "versionEndExcluding": "3.9.22"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCE449AA-EFF4-4DF1-8647-918525C5ED67",
            "versionEndExcluding": "3.11.15",
            "versionStartIncluding": "3.11.0"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "313613B7-C1E7-4C71-A593-9A15ABB1F60B",
            "versionEndExcluding": "4.0.9",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECBE65E3-FBFE-4C81-95AF-57AB8A34610D",
            "versionEndExcluding": "4.1.4",
            "versionStartIncluding": "4.1.0"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D167ACE-2D5B-4EEC-A2B5-D68708B3F593"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References