PT-2018-9881 · Moodle · Moodle

Jordan Tomkinson

Published

2018-01-22

Updated

2022-05-13

CVE-2018-1043

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.x

Description: The issue allows the setting for blocked hosts list to be bypassed using multiple A record hostnames.

Recommendations: For Moodle versions 3.x, consider restricting the use of multiple A record hostnames to minimize the risk of bypassing the blocked hosts list setting until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-1043

GHSA-HPWM-84H5-VQR8

Affected Products

Moodle

PT-2018-9881 · Moodle · Moodle

CVE-2018-1043

Related Identifiers

Affected Products

References · 9