Lucene search
FedoraCVELIST:CVE-2024-34007HistoryMay 31, 2024 - 8:40 p.m.
CVE-2024-34007 moodle: logout CSRF in admin/tool/mfa/auth.php
2024-05-3120:40:23
CWE-352
fedora
www.cve.org
1
cve-2024-34007
moodle
logout
csrf
mfa
admin
tool
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.
CNA Affected
[
{
"collectionURL": "https://git.moodle.org",
"packageName": "Moodle",
"versions": [
{
"status": "affected",
"version": "4.3",
"lessThanOrEqual": "4.3.3",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]Related
osv
osv
Moodle Logout CSRF in admin/tool/mfa/auth.php
2024-05-31 21:30:55
nvd
nvd
CVE-2024-34007
2024-05-31 21:15:09
veracode
veracode
Cross-site Request Forgery (CSRF)
2024-06-07 08:00:39
cve
cve
CVE-2024-34007
2024-05-31 21:15:09
github
github
Moodle Logout CSRF in admin/tool/mfa/auth.php
2024-05-31 21:30:55
vulnrichment
vulnrichment
CVE-2024-34007 moodle: logout CSRF in admin/tool/mfa/auth.php
2024-05-31 20:40:23
ubuntucve
ubuntucve
CVE-2024-34007
2024-05-31 00:00:00
openvas
openvas
Moodle 4.3.x < 4.3.4 Multiple Vulnerabilities
2024-05-14 00:00:00