A flaw was found in Moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
History
Tue, 12 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Moodle; Moodle moodle | |
Weaknesses | CWE-319 | |
CPEs | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* | |
Vendors & Products | Moodle; Moodle moodle | |
Metrics | ssvc | |
Mon, 11 Nov 2024 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | |
Title | Moodle: authorization headers preserved between "emulated redirects" | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: fedora
Published: 2024-11-11T12:16:04.901Z
Updated: 2024-11-12T15:14:27.618Z
Reserved: 2024-08-13T07:15:00.598Z
Link: CVE-2024-43432
Vulnrichment
Updated: 2024-11-12T15:14:20.432Z
NVD
Status: Awaiting Analysis
Published: 2024-11-11T13:15:04.233
Modified: 2024-11-12T16:35:17.560
Link: CVE-2024-43432
Redhat
No data.