CVE-2019-14830

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-14830
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14830.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-14830
Related
Published
2021-03-19T21:15:12Z
Modified
2025-01-14T07:50:08.315618Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app").

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
46574904afd39578fa4146bf1fc5c401ac680aa6
Last affected
5725188035223fe8d8cf1c4a7c1af361a43ca6b6
Introduced
89457b26d192c06325bb6782b85d1025dafbefe9
Last affected
b198428e41b0f2fafe4bb0e6db6e53f5b9eda212
Introduced
cb628a9a08933c2a9f1eae2f3be70ea5d343b419
Last affected
c88d732e399b816b69010c2c6ee7deb2da268681

Affected versions

v3.*

v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.6.0
v3.6.0-beta
v3.6.0-rc1
v3.6.0-rc2
v3.6.0-rc3
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.7.0
v3.7.0-beta
v3.7.0-rc1
v3.7.0-rc2
v3.7.1