Candidate: CVE-2019-14831
PublicDate: 2021-03-19 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14831
 https://git.moodle.org/gw?p=moodle.git;a=commit;h=32e2e06a8737afb07ee83abb3eacd39f8b181216
 https://moodle.org/mod/forum/discuss.php?d=391037
Description:
 A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to
 3.5.7 and earlier unsupported versions, where forum subscribe link
 contained an open redirect if forced subscription mode was enabled. If a
 forum's subscription mode was set to "forced subscription", the forum's
 subscribe link contained an open redirect.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_moodle:
upstream_moodle: needs-triage
precise/esm_moodle: DNE
trusty_moodle: ignored (out of standard support)
trusty/esm_moodle: DNE
xenial_moodle: ignored (end of standard support, was needs-triage)
bionic_moodle: needs-triage
focal_moodle: DNE
groovy_moodle: DNE
hirsute_moodle: DNE
impish_moodle: DNE
jammy_moodle: DNE
devel_moodle: DNE