Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-36396)

Description

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

Remediation

References

CVE-2021-36396

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.51)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.8.3)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1734)

WordPress Plugin Product Slider for WooCommerce Cross-Site Scripting (2.6.3)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)

Severity

High

Classification

CVE-2021-36396 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N