CVE-2018-1043: Moodle Setting for blocked hosts list can be bypassed with multiple A record hostnames
6.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.43804%
CWE
-
Published
5/13/2022
Updated
4/23/2024
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
moodle/moodle | composer | >= 3.2, < 3.2.7 | 3.2.7 |
moodle/moodle | composer | >= 3.3, < 3.3.4 | 3.3.4 |
moodle/moodle | composer | >= 3.4, < 3.4.1 | 3.4.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from incomplete validation of DNS A records in Moodle's cURL security check. The 'curl_security_check_host' function (in lib/curl.php) was responsible for validating hosts against the blocked list but only checked the first resolved IP address. Attackers could bypass restrictions by using hostnames that resolve to both allowed and blocked IPs. This aligns with the CVE description of bypassing via multiple A records and matches Moodle's security advisory referencing fixes in cURL host validation logic.