CVE-2022-35652
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
Se ha encontrado un problema de redireccionamiento abierto en Moodle debido a un saneamiento inapropiado de los datos suministrados por el usuario en la función de auto-inicio de sesión móvil. Un atacante remoto puede crear un enlace que conlleva a un sitio web confiable, sin embargo, cuando hace clic, redirige a las víctimas a una URL/dominio arbitrario. Una explotación con éxito de esta vulnerabilidad puede permitir a un atacante remoto llevar a cabo un ataque de phishing y robar información potencialmente confidencial
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-12 CVE Reserved
- 2022-07-25 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2106276 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | >= 3.9.0 < 3.9.15 Search vendor "Moodle" for product "Moodle" and version " >= 3.9.0 < 3.9.15" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | >= 3.11.0 < 3.11.8 Search vendor "Moodle" for product "Moodle" and version " >= 3.11.0 < 3.11.8" | - |
Affected
| ||||||
| Moodle Search vendor "Moodle" | Moodle Search vendor "Moodle" for product "Moodle" | >= 4.0.0 < 4.0.2 Search vendor "Moodle" for product "Moodle" and version " >= 4.0.0 < 4.0.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||