Vulnerability Description
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.
CVSS Score
3.7
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.1.0, <= 3.1.17 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134Issue TrackingThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=386524PatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134Issue TrackingThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=386524PatchVendor Advisory
FAQ
What is CVE-2019-10134?
CVE-2019-10134 is a vulnerability with a CVSS score of 3.7 (LOW). A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.
How severe is CVE-2019-10134?
CVE-2019-10134 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10134?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.