CVE-2024-34009 moodle: ReCAPTCHA can be bypassed on the login page

2024-05-3120:49:05

CWE-20

fedora

www.cve.org

cve-2024

moodle

recaptcha

bypass

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.

CNA Affected

[
  {
    "collectionURL": "https://git.moodle.org",
    "packageName": "Moodle",
    "versions": [
      {
        "status": "affected",
        "version": "4.3",
        "lessThanOrEqual": "4.3.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]