All errata/p9/ALT-PU-2019-2096-2
ALT-PU-2019-2096-2

Package update moodle in branch p9

Version3.7.0-alt1
Task#232642
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (6)

CVE-2019-10133
MEDIUM6.1

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.

Published: 2019-06-26Modified: 2024-11-21
CVSS 2.0MEDIUM 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 3.xMEDIUM 6.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
CVE-2019-10134
LOW3.7

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.

Published: 2019-06-26Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xLOW 3.7
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
References
CVE-2019-10154
HIGH7.5

A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.

Published: 2019-06-26Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
GHSA-5xp2-rv4h-mm2q
MEDIUM6.1

Moodle Open Redirect Vulnerability

Published: 2022-05-24Modified: 2024-01-26
CVSS 3.xMEDIUM 6.1
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
GHSA-ww45-x87c-wgff
HIGH7.5

Moodle all messaging conversations could be viewed

Published: 2022-05-24Modified: 2024-01-26
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References