CVE-2021-32478

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32478

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32478.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32478

Aliases

Downstream

UBUNTU-CVE-2021-32478

Published

2022-03-11T18:15:19.587Z

Modified

2026-03-13T04:54:56.141086Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

References

https://moodle.org/mod/forum/discuss.php?d=422314

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

Fixed

49648fdf30aae05b61604a12549436cee8c96436

Introduced

500c131eb49771e36f68d151dfa37fef5a9bc2df

Fixed

270f52bf55acaf121cbae6643a8fa6545d545c3f

Introduced

ec58cefefb2722f61f77c9a2b6a12d40a8c078a0

Fixed

237f4ccada7c8ba85ac9391193293491d8953018

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.9"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.7"
        },
        {
            "introduced": "3.10.0"
        },
        {
            "fixed": "3.10.4"
        }
    ]
}

Affected versions

v3.*

v3.10.0

v3.10.0-beta

v3.10.0-rc1

v3.10.0-rc2

v3.10.1

v3.10.2

v3.10.3

v3.9.0

v3.9.1

v3.9.2

v3.9.3

v3.9.4

v3.9.5

v3.9.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32478.json"