Security announcements

MSA-18-0001: Server Side Request Forgery in the filepicker

 
Picture of Marina Glancy
MSA-18-0001: Server Side Request Forgery in the filepicker
 

By substituting the source URL in the filepicker AJAX request authenticated users are able to retrieve and view any URL. We classify this issue as serious because some cloud hosting providers contain internal resources that can expose data and compromise a server


Severity/Risk: Serious
Versions affected: 3.4, 3.3 to 3.3.3, 3.2 to 3.2.6, 3.1 to 3.1.9 and earlier unsupported versions
Versions fixed: 3.4.1, 3.3.4, 3.2.7 and 3.1.10
Reported by: Thomas DeVoss
CVE identifier: CVE-2018-1042
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61131
Tracker issue: MDL-61131 Server Side Request Forgery in /repository/repository_ajax.php (Critical for Cloud Hosted Moodle Instances)