GitHub Advisory DatabaseGHSA-PJ45-HP8H-289RMoodle Secure layout contained an insecure link in Boost theme
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
22.7%
A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme’s secure layout, meaning students could navigate out of the page.
Affected configurations
References
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851
github.com/advisories/GHSA-pj45-hp8h-289r
github.com/moodle/moodle/commit/7f22b14efb3408645cede026ad11126f17e3f59a
github.com/moodle/moodle/commit/911f7488068a56b05b0ad87be8f9e132075ab0a6
github.com/moodle/moodle/commit/c430bed525c4c7e6e5a1c0f7222bc323cf9b6245
moodle.org/mod/forum/discuss.php?d=384014#p1547746
nvd.nist.gov/vuln/detail/CVE-2019-3851
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
Low
EPSS
Percentile
22.7%