Vulnerability Description
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | < 3.9.22 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2214373
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://moodle.org/mod/forum/discuss.php?d=447831 (Patch, Vendor Advisory)
FAQ
What is CVE-2023-35133?
CVE-2023-35133 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
How severe is CVE-2023-35133?
CVE-2023-35133 has been rated HIGH with a CVSS base score of 7.5/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2023-35133?
Check the References section above for vendor advisories and patch information. Affected product: Moodle (vendor: Moodle); see the Affected Products table and the version ranges in the Vulnerability Description above.