Vulnerability Description
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app".)
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.5.0, <= 3.5.7 |
References
- https://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=d4985a77391123c5959db432c0
- https://moodle.org/mod/forum/discuss.php?d=391036 (Release Notes, Vendor Advisory)
FAQ
What is CVE-2019-14830?
CVE-2019-14830 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which ...
How severe is CVE-2019-14830?
CVE-2019-14830 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14830?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.