Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2022-45152
HistoryNov 25, 2022 - 12:00 a.m.

CVE-2022-45152

2022-11-2500:00:00
ubuntu.com
ubuntu.com
14
ssrf
moodle
lti
vulnerability
validation
curl
risk
http
remote attacker
unix

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

A blind Server-Side Request Forgery (SSRF) vulnerability was found in
Moodle. This flaw exists due to insufficient validation of user-supplied
input in LTI provider library. The library does not utilise Moodle’s
inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can
send a specially crafted HTTP request and trick the application to initiate
requests to arbitrary systems. This vulnerability allows a remote attacker
to perform SSRF attacks.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmoodle< anyUNKNOWN
ubuntu16.04noarchmoodle< anyUNKNOWN

Related

nvd 1
prion 1
osv 3
veracode 1
github 1
cvelist 1
cve 1
openvas 4
fedora 3
redos 1
nessus 5
nvd
nvd
CVE-2022-45152
2022-11-25 19:15:12
prion
prion
Server side request forgery (ssrf)
2022-11-25 19:15:00
osv
osv
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
2022-11-25 21:30:26
BIT-moodle-2022-45152
2024-03-06 11:01:44
CVE-2022-45152
2022-11-25 19:15:12
veracode
veracode
Server-side Request Forgery (SSRF)
2022-11-28 04:25:52
github
github
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
2022-11-25 21:30:26
cvelist
cvelist
CVE-2022-45152
2022-11-25 00:00:00
cve
cve
CVE-2022-45152
2022-11-25 19:15:12
openvas
openvas
Moodle < 3.9.18, 3.11.x < 3.11.11, 4.x < 4.0.5 Multiple Vulnerabilities
2022-11-29 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2022-74a9c8e95f)
2022-12-07 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2022-cb7084ae1c)
2022-12-07 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: moodle-3.11.11-1.fc36
2022-12-07 01:43:20
[SECURITY] Fedora 35 Update: moodle-3.11.11-1.fc35
2022-12-07 01:43:11
[SECURITY] Fedora 37 Update: moodle-4.1-1.fc37
2022-12-07 01:37:00
redos
redos
ROS-20221222-03
2022-12-22 00:00:00
nessus
nessus
Moodle 3.9.x < 3.9.18 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 4.0.x < 4.0.5 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.11.x < 3.11.11 Multiple Vulnerabilities
2023-02-20 00:00:00

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON
Related for UB:CVE-2022-45152
nvd1prion1osv3veracode1github1cvelist1cve1openvas4fedora3redos1nessus5