{"api_version":"1","generated_at":"2026-04-24T02:50:49+00:00","cve":"CVE-2023-35133","urls":{"html":"https://cve.report/CVE-2023-35133","api":"https://cve.report/api/cve/CVE-2023-35133.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-35133","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-35133"},"summary":{"title":"CVE-2023-35133","description":"An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.","state":"PUBLIC","assigner":"patrick@puiterwijk.org","published_at":"2023-06-22 21:15:00","updated_at":"2023-11-07 04:15:00"},"problem_types":["CWE-918"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/","name":"FEDORA-2023-3ca351353f","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: moodle-4.1.4-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/","name":"FEDORA-2023-ce24b63b36","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: moodle-4.1.4-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://moodle.org/mod/forum/discuss.php?d=447831","name":"https://moodle.org/mod/forum/discuss.php?d=447831","refsource":"MISC","tags":[],"title":"Moodle.org: MSA-23-0018: SSRF risk due to insufficient check on the cURL blocked hosts list","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/","name":"FEDORA-2023-ce24b63b36","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: moodle-4.1.4-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/","name":"FEDORA-2023-3ca351353f","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: moodle-4.1.4-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-35133","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35133","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"35133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"35133","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"4.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-35133","qid":"284115","title":"Fedora Security Update for moodle (FEDORA-2023-3ca351353f)"},{"cve":"CVE-2023-35133","qid":"284116","title":"Fedora Security Update for moodle (FEDORA-2023-ce24b63b36)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-35133","ASSIGNER":"patrick@puiterwijk.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"moodle","version":{"version_data":[{"version_value":"4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-918"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://moodle.org/mod/forum/discuss.php?d=447831","url":"https://moodle.org/mod/forum/discuss.php?d=447831"},{"refsource":"FEDORA","name":"FEDORA-2023-ce24b63b36","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/"},{"refsource":"FEDORA","name":"FEDORA-2023-3ca351353f","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/"}]},"description":{"description_data":[{"lang":"eng","value":"An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions."}]}},"nvd":{"publishedDate":"2023-06-22 21:15:00","lastModifiedDate":"2023-11-07 04:15:00","problem_types":["CWE-918"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.1.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11.0","versionEndExcluding":"3.11.15","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndExcluding":"3.9.22","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}