#VU18020 Permissions, Privileges, and Access Controls in Moodle - CVE-2019-3850
Published: March 19, 2019
Vulnerability identifier: #VU18020
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-3850
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Moodle
Software vendor:
moodle.org
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists because the application allows links within assignment submission comments to be opened directly in the same window. This behavior can lead to phishing attacks.
Remediation
Install updates from the vendor's website.