==================================================================== CERT-Renater Note d'Information No. 2019/VULN014 _____________________________________________________________________ DATE : 18/01/2019 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S):   Systems running Moodle versions prior to 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 ===================================================================== https://moodle.org/mod/forum/discuss.php?d=381229#p1536766 The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. /Severity/Risk:/ *Minor* /Versions affected:/ 3.1 to 3.1.15 and earlier unsupported versions /Versions fixed:/ *3.1.16* /Reported by:/ Alejandro Parodi /Workaround:/ Ensure your firewall rules effectively protect other internal hosts and ports from unauthorised access. /CVE identifier:/ CVE-2019-3809 /Changes (master):/ http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222 /Tracker issue:/ MDL-64222  Blind SSRF risk in /badges/mybackpack.php ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + ========================================================= --------------01BE1A1FB66CC4C3C6C9CD50 
====================================================================
                             CERT-Renater
                 Note d'Information No. 2019/VULN014
_____________________________________________________________________
DATE                : 18/01/2019
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S):  

Systems running Moodle versions prior to 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15
=====================================================================
https://moodle.org/mod/forum/discuss.php?d=381229#p1536766

The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.


Severity/Risk: Minor
Versions affected: 3.1 to 3.1.15 and earlier unsupported versions
Versions fixed: 3.1.16
Reported by: Alejandro Parodi
Workaround: Ensure your firewall rules effectively protect other internal hosts and ports from unauthorised access.
CVE identifier: CVE-2019-3809
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
Tracker issue: MDL-64222 Blind SSRF risk in /badges/mybackpack.php 












=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================
--------------01BE1A1FB66CC4C3C6C9CD50--