VDB
CVE-2019-3809
CVE-2019-3809
PUBLISHED
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.
EPSS 0.26% · 50.0th percentile
Risk Scores
EPSS Score
0.26%
50.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | moodle | *, 2.7.11+dfsg-2, * |
| Ubuntu:18.04:LTS | moodle | *, 0 |
Exploit Intelligence
Timeline
- Mar 25, 2019 CVE Published
- Oct 9, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-3809 third-party-advisory
- https://moodle.org/mod/forum/discuss.php?d=381229#p1536766 third-party-advisory
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-3809 third-party-advisory