CVE-2019-10133

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-10133

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10133.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10133

Aliases

GHSA-5xp2-rv4h-mm2q

Downstream

UBUNTU-CVE-2019-10133

Published

2019-06-26T19:15:11.057Z

Modified

2026-04-10T04:13:43.128661Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

268abfacc54c4cbf9722c1502569b311c7caefff

Last affected

1f48e99be13e1dae1847b143bd90a27a39e09aab

Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Last affected

52bd62f2be983a1b8afb26b0f9bd08c60cbfd2e6

Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Last affected

5e878219fbe7ab63d2a54ed02aff63443fb83192

Introduced

cb628a9a08933c2a9f1eae2f3be70ea5d343b419

Last affected

4d3a32dde97e964ad4512c35d15a1784c69c247e

Database specific

{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.17"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "last_affected": "3.4.8"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "last_affected": "3.5.5"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "last_affected": "3.6.3"
        }
    ]
}

Affected versions

v3.*

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.12

v3.1.13

v3.1.14

v3.1.15

v3.1.16

v3.1.17

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.6.0

v3.6.1

v3.6.2

v3.6.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10133.json"