Vulnerabilities > CVE-2022-45152 - Server-Side Request Forgery (SSRF) vulnerability in multiple products

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
moodle
fedoraproject
CWE-918
critical

Summary

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.

Vulnerable Configurations

Part Description Count
Application
Moodle
414
Application
Fedoraproject
1
OS
Fedoraproject
3

Common Weakness Enumeration (CWE)