Description
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.
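The restriction described above, sketched as a server-side allowlist check. This is an added example, not Moodle's code or its actual fix; the helper name `is_allowed_backpack_url` is hypothetical, and `backpack.example.org` is a placeholder for the permitted backpack host, which the page does not give.

```php
<?php
declare(strict_types=1);

// Placeholder (assumption): stands in for the single permitted backpack host.
const ALLOWED_BACKPACK_HOST = 'backpack.example.org';

/**
 * Hypothetical helper: accept a backpack URL only if it is HTTPS, carries no
 * credentials, uses the default port and names exactly the permitted host.
 */
function is_allowed_backpack_url(string $url): bool
{
    // Whitespace, control characters and backslashes are parsed differently
    // by different URL parsers and HTTP clients, so refuse them outright.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url) === 1) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false; // no http, file, gopher, ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // "allowed-host@other-host" puts the real host after the @
    }
    if (isset($parts['port']) && $parts['port'] !== 443) {
        return false;
    }
    // Exact comparison: prefix, suffix or substring matches can be satisfied
    // by a look-alike hostname.
    return strtolower($parts['host']) === ALLOWED_BACKPACK_HOST;
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'https://backpack.example.org/displayer/convert/email',
    'https://BACKPACK.example.org/',
    'http://backpack.example.org/',
    'https://backpack.example.org:8443/',
    'https://backpack.example.org@intranet.example/',
    'https://backpack.example.org.other.example/',
    'https://intranet.example/status',
];
foreach ($samples as $url) {
    printf("%-55s %s\n", $url, is_allowed_backpack_url($url) ? 'allow' : 'reject');
}
```

Only the first two samples are allowed. The check belongs at the point where the server makes the request, not only where the setting is saved, and the HTTP client should not follow redirects (with cURL, leave `CURLOPT_FOLLOWLOCATION` disabled), since a redirect from the permitted host would bypass it.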
Remediation
References