← Back

CVE-2022-45152

nvd nist
Published: Nov 25, 2022Modified: Apr 29, 2025

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.

Affected (7)

Moodle
1 product
Moodle
Fedoraproject
2 products
Extra Packages For Enterprise Linux
Fedora
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Moodle
Moodle
Before 3.9.18
Moodle
From 3.11.0 to 3.11.11
Moodle
From 4.0.0 to 4.0.5
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Extra Packages For Enterprise Linux
Version 7.0
Fedoraproject
Fedora
Version 35
Fedora
Version 36
Fedora
Version 37

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (12)

Source: patrick@puiterwijk.org
Source: patrick@puiterwijk.org
Source: patrick@puiterwijk.org
Source: patrick@puiterwijk.org
Source: patrick@puiterwijk.org
Source: patrick@puiterwijk.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.