CVE-2019-14830

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-14830
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14830.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-14830
Published
2021-03-19T21:15:12Z
Modified
2024-06-06T12:37:46.072599Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app").

References

Affected packages

Git / github.com/moodle/moodle

Affected versions

v3.*

v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.6.0
v3.6.0-beta
v3.6.0-rc1
v3.6.0-rc2
v3.6.0-rc3
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.7.0
v3.7.0-beta
v3.7.0-rc1
v3.7.0-rc2
v3.7.1