What the vulnerability does

01Description

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.

Key dates

02Disclosure timeline

August 16, 2022 CVE published
August 4, 2024 Record updated