Permissions, Privileges, and Access Controls in Moodle - CVE-2019-3850

 


Published: March 19, 2019


Vulnerability identifier: #VU18020
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-3850
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists because the application allows links within assignment submission comments to be opened directly in the same window. Such behavior can lead to phishing attacks.


How to mitigate CVE-2019-3850

Install updates from the vendor's website.
