MSA-18-0001: Server Side Request Forgery in the filepicker

by Marina Glancy.  

By substituting the source URL in the filepicker AJAX request authenticated users are able to retrieve and view any URL. We classify this issue as serious because some cloud hosting providers contain internal resources that can expose data and compromise a server

Versions affected:3.4, 3.3 to 3.3.3, 3.2 to 3.2.6, 3.1 to 3.1.9 and earlier unsupported versions
Versions fixed:3.4.1, 3.3.4, 3.2.7 and 3.1.10
Reported by:Thomas DeVoss
CVE identifier:CVE-2018-1042
Changes (master):
Tracker issue:MDL-61131 Server Side Request Forgery in /repository/repository_ajax.php (Critical for Cloud Hosted Moodle Instances)

Read more