A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app").
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2021-03-19T20:15:25
Updated: 2024-08-05T00:26:39.141Z
Reserved: 2019-08-10T00:00:00
Link: CVE-2019-14830
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-19T21:15:12.040
Modified: 2024-11-21T04:27:27.193
Link: CVE-2019-14830
Redhat
No data.