A flaw was found in Moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
History

Tue, 12 Nov 2024 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Moodle, Moodle moodle |
| Weaknesses | | CWE-319 |
| CPEs | | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
| Vendors & Products | | Moodle, Moodle moodle |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 11 Nov 2024 12:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A flaw was found in Moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. |
| Title | | Moodle: authorization headers preserved between "emulated redirects" |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-11-11T12:16:04.901Z

Updated: 2024-11-12T15:14:27.618Z

Reserved: 2024-08-13T07:15:00.598Z

Link: CVE-2024-43432

Vulnrichment

Updated: 2024-11-12T15:14:20.432Z

NVD

Status: Awaiting Analysis

Published: 2024-11-11T13:15:04.233

Modified: 2024-11-12T16:35:17.560

Link: CVE-2024-43432

Red Hat

No data.