CVE-2019-10133 : Security Advisory and Response

Discover the impact of CVE-2019-10133 on Moodle versions before 3.7. Learn about the vulnerability allowing non-internal URLs in the cohorts upload form redirect field.

A vulnerability was found in Moodle versions prior to 3.7, 3.6.4, 3.5.6, 3.4.9, and 3.1.18 that allowed non-internal URLs in the cohorts upload form redirect field.

Understanding CVE-2019-10133

This CVE affects Moodle versions before 3.7, 3.6.4, 3.5.6, 3.4.9, and 3.1.18.

What is CVE-2019-10133?

This CVE identifies a flaw in affected Moodle versions: the redirect field of the cohorts upload form was not restricted to internal URLs.

The Impact of CVE-2019-10133

        CVSS Base Score: 3.1 (Low)
        Attack Vector: Network
        Attack Complexity: High
        User Interaction: Required
        Integrity Impact: Low
        Privileges Required: None
        Scope: Unchanged
        Confidentiality Impact: None
        Availability Impact: None

Technical Details of CVE-2019-10133

This section provides more technical insights into the vulnerability.

Vulnerability Description

The cohorts upload form in affected Moodle versions contained an unrestricted redirect field.

Affected Systems and Versions

        Affected Product: Moodle
        Vendor: Moodle
        Affected Versions: versions before 3.7, 3.6.4, 3.5.6, 3.4.9, and 3.1.18

Exploitation Mechanism

The vulnerability could be exploited by providing non-internal URLs in the redirect field of the cohorts upload form.

Mitigation and Prevention

Protect your systems from CVE-2019-10133 with these steps:

Immediate Steps to Take

        Update Moodle to version 3.7 or newer to mitigate the vulnerability.
        Educate users to avoid clicking on suspicious links.

Long-Term Security Practices

        Regularly monitor and update Moodle installations.
        Implement URL filtering to restrict external redirects.
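
The check that "restrict external redirects" implies, as an added example (not Moodle's code and not part of the original advisory): a redirect target is accepted only if it is a same-site path or an absolute URL under the site's own root. The site root, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

SITE_ROOT = "https://moodle.example.org/lms"  # constructed sample, not from the advisory


def is_internal_redirect(target: str, site_root: str = SITE_ROOT) -> bool:
    """Return True only when following `target` cannot leave `site_root`."""
    # Backslashes, whitespace and control characters are read differently by
    # browsers and by server-side parsers, so refuse them outright.
    if not target or any(ord(c) < 0x21 or c in "\\\x7f" for c in target):
        return False
    try:
        root, url = urlsplit(site_root), urlsplit(target)
        same_port = url.port == root.port  # .port raises on a malformed port
    except ValueError:
        return False
    if not url.scheme and not url.netloc:
        # Relative reference: accept a site-absolute path such as "/x".
        # "//host" and "///host" are resolved by browsers as another host.
        return target.startswith("/") and not target.startswith("//")
    # Absolute URL: scheme, host and port must equal the site's own, no
    # userinfo ("site@other-host"), and the path must sit under the site root.
    base = root.path.rstrip("/")
    under_root = url.path == base or url.path.startswith(base + "/")
    return (url.scheme == root.scheme and url.hostname == root.hostname
            and same_port and url.username is None and under_root)


def safe_redirect_target(target: str, fallback: str = SITE_ROOT + "/") -> str:
    """Use the supplied redirect only if it is internal, else the fallback."""
    return target if is_internal_redirect(target) else fallback
```

The comparison is deliberately strict: an explicit default port or a path-relative target is rejected rather than normalised, so a legitimate caller should always pass a site-absolute path.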

Patching and Updates

        Apply patches provided by Moodle to fix the vulnerability.
