MSA-19-0002: Blind SSRF Risk in /badges/mybackpack.php

by Michael Hawkins.  

The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.


Severity/Risk:Minor
Versions affected:3.1 to 3.1.15 and earlier unsupported versions
Versions fixed:3.1.16
Reported by:Alejandro Parodi
Workaround:Ensure your firewall rules effectively protect other internal hosts and ports from unauthorised access.
CVE identifier:CVE-2019-3809
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
Tracker issue:MDL-64222 Blind SSRF risk in /badges/mybackpack.php

Read more https://moodle.org/mod/forum/discuss.php?d=381229&parent=1536766