#VU54980 Blind server-side request forgery (SSRF) in Moodle - CVE-2021-36396

Cybersecurity Help s.r.o.

Published: 2021-07-19 | Updated: 2024-10-25

Vulnerability identifier: #VU54980

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2021-36396

CWE-ID: CWE-918

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Moodle
Web applications / Other software

Vendor: moodle.org

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can bypass cURL blocked hosts/allowed ports restrictions and trick the application to initiate requests to arbitrary systems.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Moodle: 3.9.0 - 3.9.7, 3.10.0 - 3.11.0

External links
https://moodle.org/mod/forum/discuss.php?d=424802
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71916
https://tracker.moodle.org/browse/MDL-71916

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Moodle