CVE-2019-3809: SSRF
First published: Mon Mar 25 2019(Updated: )
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | >=3.1.0<=3.1.15 | |
| composer/moodle/moodle | >=3.1<3.1.16 | 3.1.16 |
| >=3.1.0<=3.1.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-jp4g-r8c9-3534
- alias/CVE-2019-3809
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.1.0
- version/moodle moodle/3.1.15
- package-manager/composer