CVE-2019-14831

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-14831

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14831.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-14831

Downstream

UBUNTU-CVE-2019-14831

Published

2021-03-19T21:15:12.120Z

Modified

2026-04-10T04:14:54.881735Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Last affected

5725188035223fe8d8cf1c4a7c1af361a43ca6b6

Introduced

cb628a9a08933c2a9f1eae2f3be70ea5d343b419

Last affected

c88d732e399b816b69010c2c6ee7deb2da268681

Introduced

89457b26d192c06325bb6782b85d1025dafbefe9

Last affected

b198428e41b0f2fafe4bb0e6db6e53f5b9eda212

Database specific

{
    "versions": [
        {
            "introduced": "3.5.0"
        },
        {
            "last_affected": "3.5.7"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "last_affected": "3.6.5"
        },
        {
            "introduced": "3.7.0"
        },
        {
            "last_affected": "3.7.1"
        }
    ]
}

Affected versions

v3.*

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6

v3.5.7

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.7.0

v3.7.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14831.json"