PT-2021-3685 · Moodle+1

Holme +1 · Published 2020-10-15 · Updated 2025-03-05 · CVE-2021-36396

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Moodle (affected versions not specified)

Description

The issue is caused by insufficient redirect handling in Moodle, which allows an attacker to bypass the cURL blocked hosts and allowed ports restrictions. This results in a blind Server-Side Request Forgery (SSRF) risk. The vulnerability is associated with inadequate input validation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3059
ALT-PU-2020-3235
ALT-PU-2020-3289
ALT-PU-2021-1050
ALT-PU-2021-1098
ALT-PU-2021-1445
ALT-PU-2021-1497
ALT-PU-2021-1777
ALT-PU-2021-2215
ALT-PU-2021-2787
ALT-PU-2021-3258
ALT-PU-2021-3335
ALT-PU-2022-1064
ALT-PU-2022-1476
ALT-PU-2022-1641
ALT-PU-2022-2450
BDU:2021-03918
BIT-MOODLE-2021-36396
CVE-2021-36396
GHSA-4RMJ-W58M-FVCH

Affected Products

Alt Linux
Moodle