vulnrichment / Fedora / VULNRICHMENT:CVE-2024-34009
May 31, 2024 - 8:49 p.m.

CVE-2024-34009 moodle: ReCAPTCHA can be bypassed on the login page

2024-05-31 20:49:05
CWE-20
fedora
github.com
3
cve-2024-34009
bypasses recaptcha
recaptcha bypassed

AI Score: 6.7 (Confidence: Low)

SSVC

Exploitation: none
Automatable: yes
Technical Impact: partial

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.

CNA Affected

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.3",
        "versionType": "semver",
        "lessThanOrEqual": "4.3.3"
      }
    ],
    "packageName": "Moodle",
    "collectionURL": "https://git.moodle.org",
    "defaultStatus": "unknown"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "vendor": "moodle",
    "product": "moodle",
    "versions": [
      {
        "status": "affected",
        "version": "4.3",
        "versionType": "semver",
        "lessThanOrEqual": "4.3.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]
