Insufficient Verification of Data Authenticity

CVE-2020-1755

Severity Medium
Score 5.3/10

Summary

In Moodle prior to 3.5.11, 3.6.x prior to 3.6.9, 3.7.x prior to 3.7.5, and 3.8.x prior to 3.8.2, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Advisory Timeline

  • Published