Vulnerability Description
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.6.0, < 3.6.7 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14883Issue TrackingPatchThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=393586#p1586750PatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14883Issue TrackingPatchThird Party Advisory
- https://moodle.org/mod/forum/discuss.php?d=393586#p1586750PatchVendor Advisory
FAQ
What is CVE-2019-14883?
CVE-2019-14883 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer act...
How severe is CVE-2019-14883?
CVE-2019-14883 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14883?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.