Описание
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
Ссылки
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.0 (включая) до 3.1.17 (включая)Версия от 3.4.0 (включая) до 3.4.8 (включая)Версия от 3.5.0 (включая) до 3.5.5 (включая)Версия от 3.6.0 (включая) до 3.6.3 (включая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00153
Низкий
3.1 Low
CVSS3
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601
CWE-601
Связанные уязвимости
CVSS3: 3.1
ubuntu
почти 6 лет назад
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
CVSS3: 3.1
debian
почти 6 лет назад
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. ...
EPSS
Процентиль: 37%
0.00153
Низкий
3.1 Low
CVSS3
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-601
CWE-601