Description

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.

Remediation

References

CVE-2022-45152

Related Vulnerabilities

Oracle JRE CVE-2012-5072 Vulnerability (CVE-2012-5072)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2165)

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5024)

WordPress Plugin WP Prayer Multiple Cross-Site Request Forgery Vulnerabilities (1.6.5)

MySQL CVE-2021-2193 Vulnerability (CVE-2021-2193)

Severity

Critical

Classification

CVE-2022-45152 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities