The referrer URL used by MFA required additional sanitizing, rather than being used directly.
During the MFA process, the application retrieved the referrer URL and used it directly in application logic, bypassing required sanitization steps. Lack of proper input validation (CWE-20) means that an attacker can provide a crafted referrer URL, which will be processed by the system in an unintended manner. Network vector (AV:N) without required privileges (PR:N) and user interaction (UI:N) indicates that the attack can be conducted remotely by an unauthenticated attacker.
Successful exploitation of the vulnerability may lead to violation of confidentiality, integrity, and availability of the system to a high degree — which corresponds to complete takeover of control over application resources or its users.
Patches available from the vendor should be applied in accordance with the references (https://moodle.org/mod/forum/discuss.php?d=458387). It is recommended to update to the patched version as soon as possible and monitor logs for suspicious Referer header values.
Moodle platform — versions indicated in vendor references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMoodle
APPMoodle4.3.0 – 4.3.4 (bez)
Related vulnerabilities
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This ...
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insuffic...