Open Redirect Vulnerability in Moodle by Moodle HQ
CVE-2019-14882

3.1LOW

Key Information:

Vendor: [unknown]
Status: Moodle
Vendor: CVE Published:; 18 March 2020

What is CVE-2019-14882?

A vulnerability exists in the Moodle platform that enables an open redirect scenario during the Lesson edit process. This flaw can potentially allow an attacker to redirect users to malicious sites, thereby exposing them to phishing attacks or other cyber threats. It affects multiple versions of Moodle, necessitating prompt updates and security measures to mitigate exploitation risks. Users should ensure they are on the latest patched version to protect against this vulnerability.

Affected Version(s)

moodle 3.7.3

moodle 3.6.7

moodle 3.5.9

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14882

x_refsource_CONFIRM

https://moodle.org/mod/forum/discuss.php?d=393585#p1586747

x_refsource_CONFIRM

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2020
Vulnerability Reserved
Aug 10, 2019

[unknown]

What is CVE-2019-14882?

Affected Version(s)

References

CVSS V3.1

Timeline