CVE-2019-14880

CRITICAL

Moodle 3.5-3.5.8, 3.6-3.6.6, 3.7-3.7.2 - Improper Authentication during OAuth 2 Sign-Up

Title source: llm
STIX 2.1

Description

A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14880
Vendor Advisory x_refsource_misc
https://moodle.org/security/

Scores

CVSS v3 9.1
EPSS 0.0020
EPSS Percentile 42.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-287
Status published
Products (2)
moodle/moodle 3.5 - 3.5.9
moodle/moodle 3.7.0 - 3.7.3Packagist
Published Mar 31, 2020
Tracked Since Feb 18, 2026