Lucene search

K

Veracode Vulnerability DatabaseVERACODE:47639

HistoryJun 19, 2024 - 8:43 a.m.

Information Disclosure

2024-06-1908:43:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

moodle vulnerability

information disclosure

curl wrapper

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

moodle/moodle is vulnerable to Information Disclosure. The vulnerability is caused due to the cURL wrapper in Moodle failing to clear HTTP authorization headers when following redirects, potentially exposing sensitive authentication information to unintended hosts.

References

github.com/advisories/GHSA-p2cj-86v4-7782

github.com/moodle/moodle/commit/0df3c5837a592e6663c4d531ff6a1f776bc2f785

github.com/moodle/moodle/commit/3e38c84315a7991ce5ef5f241f5e873b5ca24f01

github.com/moodle/moodle/commit/836b2c23a210317d130017d77bb64e3b510869a9

github.com/moodle/moodle/commit/f7988538b2208c55f2c40ce4f0815901dc88049b

moodle.org/mod/forum/discuss.php?d=459500

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

Related for VERACODE:47639

osv2 cve1 github1 nvd1 cvelist1 ubuntucve1 vulnrichment1 openvas1 redos1