CVE-2019-10133

LOW

Published 2019-06-26T18:10:34

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-10133. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.0

3.1

/10

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.002

probability

of exploitation in the wild

There is a 0.2% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.370

Higher than 37.0% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Description

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Moodle

moodle

Affected Versions:

3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Moodle Open Redirect Vulnerability

GHSA-5xp2-rv4h-mm2q

Advisory Details

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.

Affected Packages

Packagist moodle/moodle

ECOSYSTEM: ≥3.6.0 <3.6.4

Packagist moodle/moodle

ECOSYSTEM: ≥3.5.0 <3.5.6

Packagist moodle/moodle

ECOSYSTEM: ≥3.4.0 <3.4.9

Packagist moodle/moodle

ECOSYSTEM: ≥0 <3.1.18

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-10133

WEB https://github.com/moodle/moodle/commit/5a89ac9640b3a695720845b6ddeff65e69a289fc

WEB https://github.com/moodle/moodle/commit/a6258d0934f707b1d033f50fb41ffbcf45bb2102

WEB https://github.com/moodle/moodle/commit/c509d108216524887c7ca08b1c451054d669ea75

WEB https://github.com/moodle/moodle/commit/cd6fb4322b6b1914c05f05033a71ed060f875fd4

WEB https://github.com/moodle/moodle/commit/d5067bffd230d733ad24f6aeaa56aaa17eca5bfb

WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133

PACKAGE https://github.com/moodle/moodle

WEB https://moodle.org/mod/forum/discuss.php?d=386523

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: January 26, 2024

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133

https://moodle.org/mod/forum/discuss.php?d=386523

Published: 2019-06-26T18:10:34

Last Modified: 2024-08-04T22:10:09.989Z

Copied to clipboard!

CVE-2019-10133

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

Affected Products

moodle

Affected Versions:

GitHub Security Advisories

Moodle Open Redirect Vulnerability

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!