Search for vulnerabilities
Vulnerability details: VCID-dr3k-y8bc-6qa4
Vulnerability ID VCID-dr3k-y8bc-6qa4
Aliases CVE-2019-3851
GHSA-pj45-hp8h-289r
Summary Moodle Secure layout contained an insecure link in Boost theme A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2019-3851
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2019-3851
cvssv3.1 4.3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-pj45-hp8h-289r
cvssv3.1 4.3 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/7f22b14efb3408645cede026ad11126f17e3f59a
generic_textual MODERATE https://github.com/moodle/moodle/commit/7f22b14efb3408645cede026ad11126f17e3f59a
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/911f7488068a56b05b0ad87be8f9e132075ab0a6
generic_textual MODERATE https://github.com/moodle/moodle/commit/911f7488068a56b05b0ad87be8f9e132075ab0a6
cvssv3.1 4.3 https://github.com/moodle/moodle/commit/c430bed525c4c7e6e5a1c0f7222bc323cf9b6245
generic_textual MODERATE https://github.com/moodle/moodle/commit/c430bed525c4c7e6e5a1c0f7222bc323cf9b6245
cvssv3.1 4.3 https://moodle.org/mod/forum/discuss.php?d=384014#p1547746
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=384014#p1547746
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2019-3851
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-3851
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-3851
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-3851
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-3851
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/7f22b14efb3408645cede026ad11126f17e3f59a
https://github.com/moodle/moodle/commit/911f7488068a56b05b0ad87be8f9e132075ab0a6
https://github.com/moodle/moodle/commit/c430bed525c4c7e6e5a1c0f7222bc323cf9b6245
https://moodle.org/mod/forum/discuss.php?d=384014#p1547746
https://nvd.nist.gov/vuln/detail/CVE-2019-3851
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*
GHSA-pj45-hp8h-289r https://github.com/advisories/GHSA-pj45-hp8h-289r
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/7f22b14efb3408645cede026ad11126f17e3f59a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/911f7488068a56b05b0ad87be8f9e132075ab0a6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle/commit/c430bed525c4c7e6e5a1c0f7222bc323cf9b6245
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=384014#p1547746
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3851
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3851
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3851
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.45624
EPSS Score 0.00228
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:27.431039+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pj45-hp8h-289r/GHSA-pj45-hp8h-289r.json 36.1.3