CVE-2022-35652

URL Redirection to Untrusted Site ('Open Redirect') in packagist/moodle/moodle

Identifiers

CVE-2022-35652

Package Slug

packagist/moodle/moodle

Vulnerability

URL Redirection to Untrusted Site ('Open Redirect')

Description

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that appears to lead to a trusted website but, when clicked, redirects the victim to an arbitrary URL or domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Affected Versions

All versions starting from 3.9.0 before 3.9.15, all versions starting from 3.11.0 before 3.11.8, all versions starting from 4.0.0 before 4.0.2

Solution

Upgrade to versions 3.9.15, 3.11.8, 4.0.2 or above.
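
The following Python is an added example, not part of the advisory or of Moodle's code: it checks release strings against the affected ranges listed above and reports the fixed release for each affected branch. The release-string format ('3.9.14+ (Build: 20220610)'), the build dates and the host names are assumptions constructed for illustration.

```python
import re

# Affected ranges from this advisory, as (first affected, first fixed) per branch.
AFFECTED_RANGES = [
    ((3, 9, 0), (3, 9, 15)),
    ((3, 11, 0), (3, 11, 8)),
    ((4, 0, 0), (4, 0, 2)),
]

# Constructed sample inventory (hypothetical hosts and release strings).
SAMPLE_INVENTORY = {
    "lms-a.example": "3.9.14+ (Build: 20220610)",
    "lms-b.example": "3.11.8 (Build: 20220711)",
    "lms-c.example": "4.0.1",
    "lms-d.example": "3.10.11",
}


def parse_release(release):
    """Extract (major, minor, patch) from a release string.

    Trailing text such as '+' or '(Build: ...)' is ignored and a missing
    patch number counts as 0, so '4.0' parses as (4, 0, 0).
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def fixed_version(release):
    """Return the fixed release for an affected version, else None.

    None means only that the version is outside the ranges this advisory
    lists (for example 3.10.x), not that the branch was assessed as safe.
    """
    v = parse_release(release)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected(release):
    return fixed_version(release) is not None


def audit(inventory):
    """Map each affected host to the release it should be upgraded to."""
    hits = {host: fixed_version(rel) for host, rel in inventory.items()}
    return {host: fix for host, fix in hits.items() if fix is not None}
```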

Last Modified

2022-08-02
