CVE-2019-3850

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3850

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3850.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3850

Aliases

GHSA-3fj7-9j8m-7r8g

Related

UBUNTU-CVE-2019-3850

Published

2019-03-26T18:29:00Z

Modified

2024-09-03T02:54:02.138441Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Fixed

52bd62f2be983a1b8afb26b0f9bd08c60cbfd2e6

Affected versions

v3.*

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7