Description
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network.
Remediation
References
Related Vulnerabilities
WordPress Plugin SVG Support Cross-Site Scripting (2.3.19)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26071)
WordPress Plugin CM Ad Changer Cross-Site Scripting (1.7.7)
Oracle Database Server CVE-2023-22074 Vulnerability (CVE-2023-22074)
WordPress Plugin Instant Images-One Click Unsplash Uploads Cross-Site Scripting (4.4.0)