{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38275", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-06-12T14:08:44.047Z", "datePublished": "2024-06-18T19:49:26.986Z", "dateUpdated": "2024-08-02T04:04:25.068Z"}, "containers": {"cna": {"title": "moodle: HTTP authorization header is preserved between \"emulated redirects\"", "datePublic": "2024-06-18T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-226", "description": "CWE-226", "type": "CWE"}]}], "affected": [{"vendor": "Moodle", "product": "Moodle", "versions": [{"status": "affected", "version": "4.4", "versionType": "semver"}, {"status": "affected", "version": "4.3", "lessThanOrEqual": "4.3.4", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThanOrEqual": "4.2.7", "versionType": "semver"}, {"status": "affected", "version": "4.1", "lessThanOrEqual": "4.1.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<pre>The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.</pre><br>"}]}], "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=459500"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-06-18T19:49:26.986Z"}}, "adp": [{"affected": [{"vendor": "moodle", "product": "moodle", "cpes": ["cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "4.1.0", "status": "affected", "lessThanOrEqual": "4.1.10", "versionType": "custom"}]}, {"vendor": "moodle", "product": "moodle", "cpes": ["cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "4.2.0", "status": "affected", "lessThanOrEqual": "4.2.7", "versionType": "custom"}]}, {"vendor": "moodle", "product": "moodle", "cpes": ["cpe:2.3:a:moodle:moodle:4.3.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "4.3.0", "status": "affected", "lessThanOrEqual": "4.3.4", "versionType": "custom"}]}, {"vendor": "moodle", "product": "moodle", "cpes": ["cpe:2.3:a:moodle:moodle:4.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "4.4.0", "status": "affected", "lessThan": "4.4.1", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T13:36:09.482006Z", "id": "CVE-2024-38275", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T19:52:54.464Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:25.068Z"}, "title": "CVE Program Container", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=459500", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38275", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T13:36:09.482006Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*"], "vendor": "moodle", "product": "moodle", "versions": [{"status": "affected", "version": "4.1.0", "versionType": "custom", "lessThanOrEqual": "4.1.10"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*"], "vendor": "moodle", "product": "moodle", "versions": [{"status": "affected", "version": "4.2.0", "versionType": "custom", "lessThanOrEqual": "4.2.7"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:moodle:moodle:4.3.0:-:*:*:*:*:*:*"], "vendor": "moodle", "product": "moodle", "versions": [{"status": "affected", "version": "4.3.0", "versionType": "custom", "lessThanOrEqual": "4.3.4"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:moodle:moodle:4.4.0:*:*:*:*:*:*:*"], "vendor": "moodle", "product": "moodle", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T13:43:48.130Z"}}], "cna": {"title": "moodle: HTTP authorization header is preserved between \"emulated redirects\"", "affected": [{"vendor": "Moodle", "product": "Moodle", "versions": [{"status": "affected", "version": "4.4", "versionType": "semver"}, {"status": "affected", "version": "4.3", "versionType": "semver", "lessThanOrEqual": "4.3.4"}, {"status": "affected", "version": "4.2", "versionType": "semver", "lessThanOrEqual": "4.2.7"}, {"status": "affected", "version": "4.1", "versionType": "semver", "lessThanOrEqual": "4.1.10"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-18T17:00:00.000Z", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=459500"}], "descriptions": [{"lang": "en", "value": "The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.", "supportingMedia": [{"type": "text/html", "value": "<pre>The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.</pre><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-226", "description": "CWE-226"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-06-18T19:49:26.986Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38275", "state": "PUBLISHED", "dateUpdated": "2024-07-02T19:52:54.464Z", "dateReserved": "2024-06-12T14:08:44.047Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-06-18T19:49:26.986Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs."}, {"lang": "es", "value": "El contenedor cURL en Moodle retuvo los encabezados de solicitud originales al seguir redirecciones, por lo que la informaci\u00f3n del encabezado de autorizaci\u00f3n HTTP podr\u00eda enviarse involuntariamente en solicitudes para redireccionar URL."}], "id": "CVE-2024-38275", "lastModified": "2024-07-03T02:04:53.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-18T20:15:13.970", "references": [{"source": "patrick@puiterwijk.org", "url": "https://moodle.org/mod/forum/discuss.php?d=459500"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-226"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{}