{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T02:26:34.784","vulnerabilities":[{"cve":{"id":"CVE-2019-3809","sourceIdentifier":"secalert@redhat.com","published":"2019-03-25T18:29:00.730","lastModified":"2024-11-21T04:42:35.123","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page."},{"lang":"es","value":"Se ha encontrado un error en Moodle, en versiones 3.1 a 3.1.15 y versiones anteriores sin soporte. La funcionalidad ‘‘mybackpack’’ ha permitido establecer la URL de las insignias cuando debería estar restringida la URL del ‘‘backpack’’ de Mozilla Open Badges. Esto ha resultado en la posibilidad de un ataque ciego de SSRF a través de peticiones hechas por la página."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndIncluding":"3.1.15","matchCriteriaId":"979D2B8B-FB1F-4802-AAFC-13715A82293F"}]}]}],"references":[{"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=381229#p1536766","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=381229#p1536766","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}