Platform: php
Component: moodle
Fixed in: 3.7.1
CVE-2019-10133 describes a redirect vulnerability discovered in Moodle prior to versions 3.7, 3.6.4, 3.5.6, 3.4.9, and 3.1.18. This flaw allows an attacker to redirect users to external websites through the cohort upload form, potentially leading to phishing or other malicious activities. The vulnerability has been addressed in Moodle version 3.7, and users are strongly advised to upgrade.
The primary impact of CVE-2019-10133 is the potential for user redirection to malicious websites. An attacker could craft a cohort upload form with a specially crafted redirect URL. When a user attempts to upload the cohort, they would be redirected to a site controlled by the attacker. This could be used for phishing attacks, where the attacker attempts to steal user credentials or other sensitive information. While the CVSS score is LOW, the ease of exploitation and potential for social engineering make this a concerning vulnerability, particularly for organizations with a large user base or those who rely on Moodle for critical functions.
CVE-2019-10133 was publicly disclosed on June 26, 2019. There is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept exploits are readily available. The vulnerability is not listed on the CISA KEV catalog. The LOW CVSS score reflects the relatively limited impact and ease of mitigation.
Educational institutions and organizations that rely on Moodle for course management and user authentication are at risk. Specifically, deployments running versions earlier than the fixed releases (3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18 on their respective branches), especially on older, unsupported branches, are particularly vulnerable. Shared hosting environments running Moodle may also be at increased risk due to limited control over server configurations.
• php: Examine Moodle's cohort upload form code for the absence of URL validation on the redirect field. Search for instances where header('Location: ...') is used without proper sanitization.
• generic web: Monitor web server access logs for unusual redirect patterns originating from the Moodle cohort upload form. Look for requests to unexpected external domains.
• generic web: Use a WAF to monitor and block requests containing suspicious redirect URLs within the cohort upload form. Configure rules to prevent redirection to external domains.
Exploit status: disclosure
EPSS: 0.17% (38th percentile)
The recommended mitigation for CVE-2019-10133 is to upgrade to Moodle version 3.7 or later. This version includes a fix that restricts the redirect URL to internal Moodle URLs, preventing the exploitation of this vulnerability. If upgrading immediately is not possible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious redirect URLs. Carefully review and audit any custom cohort upload scripts to ensure they do not introduce similar vulnerabilities. After upgrade, confirm by attempting to upload a cohort and verifying that the redirect URL remains within the Moodle domain.
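The fix the advisory describes, restricting the redirect target to internal Moodle URLs, and the log-review step from the detection list above can both be illustrated with the following standalone PHP. This is an added example, not Moodle's own code and not the upstream patch: the `$wwwroot` value, the function names, the `returnurl` parameter name and the sample URLs and log line are all constructed for illustration. It contrasts a naive prefix check with a parse-based origin check, and then reuses that check to flag external redirect targets in an access-log line.

```php
<?php
// Added example (not Moodle's own code): restricting a user-supplied
// return URL to the site's own origin, plus a log-review helper.
// $wwwroot stands for the site's configured base URL (assumed value).

declare(strict_types=1);

/**
 * Weak check: a string-prefix comparison. It accepts
 * "https://moodle.example.org.evil.test/" and
 * "https://moodle.example.org@evil.test/" because both start with the site URL.
 */
function is_internal_redirect_weak(string $url, string $wwwroot): bool
{
    return strpos($url, $wwwroot) === 0;
}

/**
 * Hardened check: parse the URL and require the same scheme, host and port
 * as the site, with no userinfo; otherwise allow only root-relative paths.
 */
function is_internal_redirect(string $url, string $wwwroot): bool
{
    $site = parse_url($wwwroot);
    if ($site === false || empty($site['scheme']) || empty($site['host'])) {
        return false; // misconfigured wwwroot: fail closed
    }

    // Control characters or whitespace could confuse the parser or the header.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }

    // Protocol-relative ("//evil.test") and backslash variants are external.
    if (preg_match('#^[/\\\\]{2}#', $url)) {
        return false;
    }

    // Root-relative path such as "/cohort/index.php": stays on this origin.
    if ($url !== '' && $url[0] === '/') {
        return true;
    }

    $target = parse_url($url);
    if ($target === false || empty($target['scheme']) || empty($target['host'])) {
        return false; // bare relative paths, "javascript:" and the like
    }

    if (strcasecmp($target['scheme'], $site['scheme']) !== 0) {
        return false;
    }
    if (strcasecmp($target['host'], $site['host']) !== 0) {
        return false;
    }
    if (($target['port'] ?? null) !== ($site['port'] ?? null)) {
        return false;
    }
    if (isset($target['user']) || isset($target['pass'])) {
        return false;
    }

    // Path must sit under the site's own path prefix (e.g. "/lms/").
    $sitepath = rtrim($site['path'] ?? '/', '/') . '/';
    return strpos($target['path'] ?? '/', $sitepath) === 0;
}

/**
 * Resolve the redirect target: a validated URL is used as-is; anything else
 * falls back to a fixed internal page instead of echoing the supplied value.
 */
function safe_return_url(?string $requested, string $wwwroot): string
{
    if ($requested !== null && is_internal_redirect($requested, $wwwroot)) {
        return $requested;
    }
    return $wwwroot . '/cohort/index.php';
}

/**
 * Log-review helper: pull the redirect parameter out of a combined-format
 * access-log line and return it when it points outside the site, else null.
 * The parameter name "returnurl" is an assumption made for this example.
 */
function flag_external_redirect_in_log(string $line, string $wwwroot, string $param = 'returnurl'): ?string
{
    if (!preg_match('/"(?:GET|POST) (\S+) HTTP\//', $line, $m)) {
        return null;
    }
    $query = parse_url($m[1], PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;
    }
    parse_str($query, $params);
    if (!isset($params[$param]) || !is_string($params[$param])) {
        return null;
    }
    return is_internal_redirect($params[$param], $wwwroot) ? null : $params[$param];
}

// Constructed sample inputs for demonstration.
$wwwroot = 'https://moodle.example.org';
$samples = [
    'https://moodle.example.org/cohort/index.php?contextid=1',
    '/cohort/index.php',
    'https://moodle.example.org.evil.test/',
    'https://moodle.example.org@evil.test/',
    '//evil.test/phish',
    'https://evil.test/',
];
foreach ($samples as $s) {
    printf("%-55s weak=%s hardened=%s\n", $s,
        is_internal_redirect_weak($s, $wwwroot) ? 'ALLOW' : 'deny',
        is_internal_redirect($s, $wwwroot) ? 'ALLOW' : 'deny');
}

// Constructed access-log line with an external redirect target.
$logline = '203.0.113.5 - - [26/Jun/2019:10:00:00 +0000] '
    . '"GET /cohort/upload.php?returnurl=https%3A%2F%2Fevil.test%2Fphish HTTP/1.1" 302 -';
$flagged = flag_external_redirect_in_log($logline, $wwwroot);
echo 'Flagged external redirect in log: ', $flagged ?? 'none', "\n";
```

The origin check intentionally compares parsed components rather than the raw string: the two `moodle.example.org` lookalikes pass the prefix check but fail the parsed one, and the fallback in `safe_return_url` means an invalid value is dropped rather than reflected. The log helper applies the same validator to request parameters, which is the practical form of the "unexpected external domains" check from the detection list.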
Update Moodle to version 3.7 or later, or to versions 3.6.4, 3.5.6, 3.4.9 or 3.1.18, which contain the fix for this vulnerability. This prevents users from being redirected to unwanted external URLs via the cohort upload form.
CVE-2019-10133 is a LOW severity vulnerability in Moodle versions prior to 3.7, 3.6.4, 3.5.6, 3.4.9, and 3.1.18. It allows attackers to redirect users via an unrestricted URL in the cohort upload form.
You are affected if you are running a Moodle version earlier than 3.7 that has not received the backported fix, i.e. earlier than 3.6.4, 3.5.6, 3.4.9 or 3.1.18 on the respective branches.
Upgrade Moodle to version 3.7 or later to resolve the vulnerability. Consider a WAF rule to block external redirects as a temporary mitigation.
There is no confirmed evidence of active exploitation campaigns targeting CVE-2019-10133 at this time.
Refer to the official Moodle security advisory at https://security.moodle.org/mod/showcontent/content/440.