CVE-2024-38275

Summary

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Affected Software

VendorProductVersion RangeStatus
MoodleMoodle4.4affected
MoodleMoodle4.3 <= 4.3.4affected
MoodleMoodle4.2 <= 4.2.7affected
MoodleMoodle4.1 <= 4.1.10affected

Weaknesses

  • CWE-226: CWE-226

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References