Candidate: CVE-2019-3850
PublicDate: 2019-03-26 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3850
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850
 https://moodle.org/mod/forum/discuss.php?d=384013#p1547745
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64651
Description:
 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and
 3.1.17. Links within assignment submission comments would open directly (in
 the same window). Although links themselves may be valid, opening within
 the same window and without the no-referrer header policy made them more
 susceptible to exploits.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_moodle:
upstream_moodle: needs-triage
precise/esm_moodle: DNE
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
xenial_moodle: ignored (end of standard support, was needed)
bionic_moodle: needed
cosmic_moodle: ignored (reached end-of-life)
disco_moodle: ignored (reached end-of-life)
eoan_moodle: ignored (reached end-of-life)
focal_moodle: DNE
groovy_moodle: DNE
hirsute_moodle: DNE
impish_moodle: DNE
jammy_moodle: DNE
devel_moodle: DNE