MSA-18-0001: Server Side Request Forgery in the filepicker

by Marina Glancy.  

By substituting the source URL in the filepicker AJAX request authenticated users are able to retrieve and view any URL. We classify this issue as serious because some cloud hosting providers contain internal resources that can expose data and compromise a server


Severity/Risk:Serious
Versions affected:3.4, 3.3 to 3.3.3, 3.2 to 3.2.6, 3.1 to 3.1.9 and earlier unsupported versions
Versions fixed:3.4.1, 3.3.4, 3.2.7 and 3.1.10
Reported by:Thomas DeVoss
CVE identifier:CVE-2018-1042
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61131
Tracker issue:MDL-61131 Server Side Request Forgery in /repository/repository_ajax.php (Critical for Cloud Hosted Moodle Instances)

Read more https://moodle.org/mod/forum/discuss.php?d=364381&parent=1469490