Insufficient Verification of Data Authenticity
CVE-2020-1755
Summary
In Moodle prior to 3.5.11, 3.6.x prior to 3.6.9, 3.7.x prior to 3.7.5, and 3.8.x prior to 3.8.2, X-Forwarded-For headers could be used to spoof a user's IP address in order to bypass remote address checks.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Advisory Timeline
- Published