CVE-2019-3850

MEDIUM

moodle < 3.1.17 - Open Redirect via Assignment Submission Comment Links

Title source: llm
STIX 2.1

Description

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.

References (2)

Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850
Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=384013#p1547745

Scores

CVSS v3 4.3
EPSS 0.0007
EPSS Percentile 21.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-601
Status published
Products (2)
moodle/moodle < 3.1.17
moodle/moodle 0 - 3.1.17Packagist
Published Mar 26, 2019
Tracked Since Feb 18, 2026