Lucene search

GoogleOSV:GHSA-P2CJ-86V4-7782

HistoryJun 18, 2024 - 9:30 p.m.

Moodle HTTP authorization header is preserved between "emulated redirects"

2024-06-1821:30:36

Google

osv.dev

moodle

http authorization

redirects

curl wrapper

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

References

github.com/moodle/moodle

github.com/moodle/moodle/commit/0df3c5837a592e6663c4d531ff6a1f776bc2f785

github.com/moodle/moodle/commit/3e38c84315a7991ce5ef5f241f5e873b5ca24f01

github.com/moodle/moodle/commit/836b2c23a210317d130017d77bb64e3b510869a9

github.com/moodle/moodle/commit/f7988538b2208c55f2c40ce4f0815901dc88049b

moodle.org/mod/forum/discuss.php?d=459500

nvd.nist.gov/vuln/detail/CVE-2024-38275

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for OSV:GHSA-P2CJ-86V4-7782