PT-2019-11589 · Moodle+1 · Moodle+1

Lindon Wass

Published

2019-06-18

Updated

2022-05-24

CVE-2019-10133

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7 Moodle version 3.6.4 and earlier Moodle version 3.5.6 and earlier Moodle version 3.4.9 and earlier Moodle version 3.1.18 and earlier

Description: A flaw was found in the form to upload cohorts, which contained a redirect field that was not restricted to internal URLs.

Recommendations: For versions prior to 3.7, update to version 3.7 or later. For version 3.6.4 and earlier, update to version 3.6.5 or later. For version 3.5.6 and earlier, update to version 3.5.7 or later. For version 3.4.9 and earlier, update to version 3.4.10 or later. For version 3.1.18 and earlier, update to version 3.1.19 or later.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2019-2080

ALT-PU-2019-2096

CVE-2019-10133

GHSA-5XP2-RV4H-MM2Q

Affected Products

Alt Linux

Moodle

PT-2019-11589 · Moodle+1 · Moodle+1

CVE-2019-10133

Weakness Enumeration

Related Identifiers

Affected Products

References · 14