Platform
php
Component
moodle
Fixed in
3.7.1
CVE-2019-10133 describes an open redirect in Moodle prior to versions 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The cohort upload form carried a redirect field that was not restricted to internal (same-site) URLs, so after the form was processed the user could be sent to an arbitrary external website. The vulnerability has been rated as LOW severity. Affected sites should upgrade to Moodle 3.7, or to the fixed release of their branch (3.6.4, 3.5.6, 3.4.9 or 3.1.18).
To exploit it, an attacker needs a user who can reach the cohort upload form (only users allowed to manage cohorts, typically site administrators or managers) to submit it with the redirect field pointing at an attacker-controlled site, for example a phishing page that imitates the Moodle login or a page hosting malware. A crafted link to the form with the redirect value pre-filled is the usual delivery vector. Because the redirect originates from the legitimate Moodle host, the user has little reason to suspect the destination, which is what makes open redirects effective for credential theft and social engineering. The impact is user redirection and deception rather than direct system compromise. While the CVSS score is LOW, the fact that the targets are privileged Moodle users means a successful phish can have consequences well beyond the LOW rating, especially where those users are not security-aware.
CVE-2019-10133 was publicly disclosed on June 26, 2019. There is no indication of active exploitation campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog. Public proof-of-concept exploits are available, demonstrating the feasibility of the attack.
Educational institutions and organizations that rely on Moodle for course management and user authentication are at risk. Specifically, deployments running a release earlier than 3.7, 3.6.4, 3.5.6, 3.4.9 or 3.1.18 on their respective branches are vulnerable (those five versions are the first fixed releases, not vulnerable ones). Shared hosting environments running Moodle may be at increased risk because administrators there often cannot deploy web-server or WAF rules as a stopgap.
• php: In the cohort upload form code, check how the redirect (return URL) field is typed and cleaned before it is passed to Moodle's redirect() helper. The field should be validated as a local URL (Moodle's PARAM_LOCALURL type, which accepts only relative paths and URLs on the site's own host), not as a generic PARAM_URL or raw string. The same pattern is worth searching for in locally developed plugins and forms.
• generic web: Monitor web server access logs for requests to the cohort upload form whose redirect parameter carries an absolute or protocol-relative URL (for example https://… or //…) to a host other than the Moodle site. Note that a value submitted in a POST body does not appear in standard access logs; only GET pre-fills of the form are visible there.
• generic web: Use a WAF to block requests to the cohort upload form whose redirect field is anything other than a relative path or a URL on the site's own host. The rule must inspect POST bodies as well as query strings, since the form submits its fields via POST.
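The following is an added example, not Moodle's code or anything from the advisory. It shows the two pieces the detection bullets above rely on: a same-site check of the kind the fix has to enforce on the redirect field (written here in Python rather than PHP so it can be run against log data; it mirrors the intent of restricting the field to internal URLs, not Moodle's actual PARAM_LOCALURL implementation), and a scan of access-log lines for requests to the cohort upload script whose redirect parameter points off-site. The site hostname, the parameter name `returnurl` and the log lines are constructed assumptions.

```python
"""Added example (not Moodle code): same-site redirect check plus an
access-log scan for external redirect targets on the cohort upload form.
Site host, parameter name and log lines are constructed assumptions."""
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "moodle.example.edu"      # assumed hostname of the Moodle site
UPLOAD_PATH = "/cohort/upload.php"    # Moodle's cohort upload script
REDIRECT_PARAM = "returnurl"          # assumed name of the redirect field


def is_local_url(url: str, site_host: str = SITE_HOST) -> bool:
    """Accept only same-site targets: a relative path, or an absolute
    http(s) URL whose host equals the site host.  Everything else
    (other schemes, protocol-relative //host, userinfo tricks,
    backslashes some browsers normalise to slashes) is rejected."""
    url = url.strip()
    if not url or "\\" in url or re.search(r"[\x00-\x20]", url):
        return False
    parts = urlsplit(url)
    if parts.scheme == "" and parts.netloc == "":
        return True                      # plain relative path
    if parts.scheme.lower() not in ("http", "https"):
        return False                     # also catches scheme "" with a netloc ("//evil")
    return parts.hostname is not None and parts.hostname.lower() == site_host.lower()


# Constructed Apache combined-format lines; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Jun/2019:10:01:02 +0000] "GET /cohort/upload.php?contextid=1&returnurl=%2Fcohort%2Findex.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [26/Jun/2019:10:02:15 +0000] "GET /cohort/upload.php?contextid=1&returnurl=https%3A%2F%2Fphish.example.net%2Flogin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [26/Jun/2019:10:02:40 +0000] "POST /cohort/upload.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"
10.0.0.9 - - [26/Jun/2019:10:03:01 +0000] "GET /cohort/upload.php?returnurl=%2F%2Fevil.example.org HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [26/Jun/2019:10:04:01 +0000] "GET /course/view.php?id=2 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_external_redirects(log_text: str):
    """Return (ip, timestamp, redirect_target) for each request to the
    upload form whose redirect parameter is not a same-site URL.
    POST bodies are not in the access log, so a form submitted with the
    field in the body (the third line above) is invisible here; that
    case needs the WAF or application layer."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        if target.path != UPLOAD_PATH:
            continue
        for value in parse_qs(target.query).get(REDIRECT_PARAM, []):
            if not is_local_url(value):
                hits.append((m["ip"], m["ts"], value))
    return hits


if __name__ == "__main__":
    for ip, ts, url in find_external_redirects(SAMPLE_LOG):
        print(f"{ts} {ip} external redirect target: {url}")
```

Run against real logs, the scan only surfaces GET pre-fills of the form; the same `is_local_url` predicate is what a WAF rule or the application itself must apply to the POSTed field.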
disclosure
Exploit status
EPSS
0.17% (38th percentile)
CVSS vector
The primary mitigation for CVE-2019-10133 is to upgrade Moodle to 3.7 or to the fixed release of your branch, which restricts the redirect field to internal URLs. If upgrading immediately is not feasible, a Web Application Firewall (WAF) rule that rejects requests to the cohort upload form whose redirect field is not a relative path or same-host URL is a stopgap; it must inspect POST bodies, not just query strings, and it does not replace the code fix. Additionally, warn the users who can manage cohorts that a link to the upload form may carry a hidden redirect, and that a login prompt appearing after an upload should be treated as suspicious. Since the restriction lives in code rather than in site configuration, the useful follow-up is to audit locally developed plugins and forms for the same pattern (a return URL accepted as an arbitrary URL and passed to redirect()).
Update Moodle to version 3.7 or later, or to versions 3.6.4, 3.5.6, 3.4.9 or 3.1.18, which contain the fix for this vulnerability. This prevents users from being redirected to unwanted external URLs through the cohort upload form.
CVE-2019-10133 is a LOW severity vulnerability in Moodle versions prior to 3.7, 3.6.4, 3.5.6, 3.4.9, and 3.1.18. It allows attackers to redirect users via an unrestricted URL in the cohort upload form.
You are affected if you are running a Moodle release earlier than 3.7, 3.6.4, 3.5.6, 3.4.9 or 3.1.18 on its branch; those five versions are the first fixed releases.
Upgrade Moodle to 3.7 or to the fixed release of your branch to resolve the vulnerability. A WAF rule that blocks off-site values in the form's redirect field can serve as a temporary mitigation.
There is no confirmed evidence of active exploitation campaigns targeting CVE-2019-10133 at this time.
Refer to the official Moodle security advisory at https://security.moodle.org/mod/showcontent/content/440