Search for vulnerabilities
Vulnerability details: VCID-cnnv-w5de-sbcr
Vulnerability ID VCID-cnnv-w5de-sbcr
Aliases CVE-2019-10133
GHSA-5xp2-rv4h-mm2q
Summary Moodle Open Redirect Vulnerability A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2019-10133
epss 0.00153 https://api.first.org/data/v1/epss?cve=CVE-2019-10133
cvssv3.1 6.1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133
cvssv3.1 6.1 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/5a89ac9640b3a695720845b6ddeff65e69a289fc
generic_textual MODERATE https://github.com/moodle/moodle/commit/5a89ac9640b3a695720845b6ddeff65e69a289fc
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/a6258d0934f707b1d033f50fb41ffbcf45bb2102
generic_textual MODERATE https://github.com/moodle/moodle/commit/a6258d0934f707b1d033f50fb41ffbcf45bb2102
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/c509d108216524887c7ca08b1c451054d669ea75
generic_textual MODERATE https://github.com/moodle/moodle/commit/c509d108216524887c7ca08b1c451054d669ea75
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/cd6fb4322b6b1914c05f05033a71ed060f875fd4
generic_textual MODERATE https://github.com/moodle/moodle/commit/cd6fb4322b6b1914c05f05033a71ed060f875fd4
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/d5067bffd230d733ad24f6aeaa56aaa17eca5bfb
generic_textual MODERATE https://github.com/moodle/moodle/commit/d5067bffd230d733ad24f6aeaa56aaa17eca5bfb
cvssv3.1 6.1 https://moodle.org/mod/forum/discuss.php?d=386523
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=386523
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2019-10133
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-10133
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-10133
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-10133
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-10133
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/5a89ac9640b3a695720845b6ddeff65e69a289fc
https://github.com/moodle/moodle/commit/a6258d0934f707b1d033f50fb41ffbcf45bb2102
https://github.com/moodle/moodle/commit/c509d108216524887c7ca08b1c451054d669ea75
https://github.com/moodle/moodle/commit/cd6fb4322b6b1914c05f05033a71ed060f875fd4
https://github.com/moodle/moodle/commit/d5067bffd230d733ad24f6aeaa56aaa17eca5bfb
https://moodle.org/mod/forum/discuss.php?d=386523
https://nvd.nist.gov/vuln/detail/CVE-2019-10133
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/5a89ac9640b3a695720845b6ddeff65e69a289fc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/a6258d0934f707b1d033f50fb41ffbcf45bb2102
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/c509d108216524887c7ca08b1c451054d669ea75
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/cd6fb4322b6b1914c05f05033a71ed060f875fd4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/d5067bffd230d733ad24f6aeaa56aaa17eca5bfb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=386523
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10133
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10133
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10133
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.36971
EPSS Score 0.00153
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:27:46.966372+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5xp2-rv4h-mm2q/GHSA-5xp2-rv4h-mm2q.json 36.1.3