CVE-2023-35133

Summary

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Affected Software

VendorProductVersion RangeStatus
4.2.0 < 4.2.1affected
4.1.0 < 4.1.4affected
4.0.0 < 4.0.9affected
3.11.0 < 3.11.15affected
0 < 3.9.22affected

Weaknesses

  • CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References