MSA-22-0032: Blind SSRF risk in LTI provider library Moodle's LTI provider library did not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. Versions affected: 4.0 to 4.0.4, 3.11 to 3.11.10, 3.9 to 3.9.17 and earlier unsupported versions Versions fixed: 4.0.5, 3.11.11 and 3.9.18
References: https://moodle.org/mod/forum/discuss.php?d=440772 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71920
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 2144704] Affects: fedora-35 [bug 2144705] Affects: fedora-36 [bug 2144706] Affects: fedora-37 [bug 2144707]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.