First published: Fri Mar 11 2022
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
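An added example of the kind of check the description calls for, written for this page and not taken from Moodle's code: the platform's authorization endpoint only accepts a redirect URI that exactly matches one registered for the tool, and on failure returns a fixed error instead of redirecting or reflecting the value. The registry contents, function names and the `tool-client-1` identifier are assumptions.

```python
import html
from urllib.parse import urlsplit

# Constructed registry (an assumption for this example): client_id -> the
# redirect URIs the tool registered with the platform at configuration time.
REGISTERED_REDIRECT_URIS = {
    "tool-client-1": {
        "https://tool.example.edu/lti/launch",
        "https://tool.example.edu/lti/deeplink",
    },
}

def is_registered_redirect_uri(client_id: str, redirect_uri: str) -> bool:
    """Exact-string match of redirect_uri against the tool's registration.

    No prefix or substring matching: a startswith() check would accept
    hosts such as tool.example.edu.evil.test or path variants.
    """
    if not isinstance(redirect_uri, str) or not redirect_uri:
        return False
    parts = urlsplit(redirect_uri)
    # Absolute https URLs only: this rejects javascript:/data: schemes,
    # scheme-relative "//host/..." forms and bare paths.
    if parts.scheme != "https" or not parts.netloc:
        return False
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())

def build_auth_response(client_id: str, redirect_uri: str, state: str, id_token: str):
    """Return (status, headers, body) for the LTI 1.3 authorization step.

    LTI 1.3 uses response_mode=form_post, so the "redirect" is the action
    attribute of an auto-submitting form; that attribute is where an
    unvalidated redirect_uri would land in the page.
    """
    if not is_registered_redirect_uri(client_id, redirect_uri):
        # Neither redirect nor echo the untrusted value: a fixed error body
        # is what prevents both the open redirect and the reflected XSS.
        body = "<p>Invalid redirect_uri for this tool registration.</p>"
        return 400, {"Content-Type": "text/html; charset=utf-8"}, body

    def esc(s: str) -> str:  # escape every attribute value, quotes included
        return html.escape(s, quote=True)

    body = (
        '<form method="post" action="%s">'
        '<input type="hidden" name="state" value="%s">'
        '<input type="hidden" name="id_token" value="%s">'
        "</form><script>document.forms[0].submit()</script>"
        % (esc(redirect_uri), esc(state), esc(id_token))
    )
    return 200, {"Content-Type": "text/html; charset=utf-8"}, body
```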
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix
---|---|---
Moodle | < 3.8.9 | Upgrade to 3.8.9
Moodle | >= 3.9.0, < 3.9.7 | Upgrade to 3.9.7
Moodle | >= 3.10.0, < 3.10.4 | Upgrade to 3.10.4
CVE-2021-32478 is rated medium severity, with a score of 6.1.
The affected software for CVE-2021-32478 is Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions.
CVE-2021-32478 exposes affected sites to reflected XSS and open redirect through the redirect URI handled by the LTI authorization endpoint.
To fix CVE-2021-32478, upgrade to Moodle versions 3.10.4, 3.9.7, or 3.8.9 or apply the necessary patches provided by Moodle.
You can find more information about CVE-2021-32478 at: https://moodle.org/mod/forum/discuss.php?d=422314