Search for vulnerabilities
Vulnerability details: VCID-tamk-777r-4bhn
Vulnerability ID VCID-tamk-777r-4bhn
Aliases CVE-2019-10187
GHSA-2mg9-hv69-897x
Summary Moodle Ability to delete glossary entries that belong to another glossary A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-284 Improper Access Control
CWE-862 Missing Authorization
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-10187
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2019-10187
cvssv3.1 4.3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187
cvssv3.1 4.3 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 4.3 https://moodle.org/mod/forum/discuss.php?d=388568#p1566330
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=388568#p1566330
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2019-10187
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-10187
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-10187
cvssv3.1 4.3 http://www.securityfocus.com/bid/109174
generic_textual MODERATE http://www.securityfocus.com/bid/109174
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-10187
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187
https://github.com/moodle/moodle
https://moodle.org/mod/forum/discuss.php?d=388568#p1566330
https://nvd.nist.gov/vuln/detail/CVE-2019-10187
http://www.securityfocus.com/bid/109174
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=388568#p1566330
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10187
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10187
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://www.securityfocus.com/bid/109174
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.38647
EPSS Score 0.00167
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:44.943946+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2mg9-hv69-897x/GHSA-2mg9-hv69-897x.json 36.1.3