PT-2022-4073 · Moodle+2 · Moodle+2

Petermaster

Published

2020-11-08

Updated

2024-03-06

CVE-2022-35652

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Moodle (affected versions not specified)

Description An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to an arbitrary URL/domain. Successful exploitation of this issue may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2020-3235

ALT-PU-2022-2502

ALT-PU-2022-2553

BDU:2022-04907

BIT-MOODLE-2022-35652

CVE-2022-35652

GHSA-243V-5PFF-QQFJ

Affected Products

Alt Linux

Moodle

Red Os

PT-2022-4073 · Moodle+2 · Moodle+2

CVE-2022-35652

Weakness Enumeration

Related Identifiers

Affected Products

References · 24