Description
A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.
References (2)
Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851
Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=384014#p1547746
Scores
CVSS v3
4.3
EPSS
0.0018
EPSS Percentile
39.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
Status
published
Products (3)
fedoraproject/fedora
moodle/moodle
3.5 - 3.5.5Packagist
moodle/moodle
3.5.0 - 3.5.5
Published
Mar 26, 2019
Tracked Since
Feb 18, 2026