vulnerability
Moodle: Server-Side Request Forgery (SSRF) (CVE-2023-35133)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jun 22, 2023 | Jul 4, 2023 | Feb 15, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jun 22, 2023
Added
Jul 4, 2023
Modified
Feb 15, 2026
Description
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
Solutions
moodle-upgrade-3_11_15moodle-upgrade-3_9_22moodle-upgrade-4_0_9moodle-upgrade-4_1_4
References
- CVE-2023-35133
- https://attackerkb.com/topics/CVE-2023-35133
- CWE-918
- https://bugzilla.redhat.com/show_bug.cgi?id=2214373
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
- https://moodle.org/mod/forum/discuss.php?d=447831
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.