CVE-2024-43432

medium

Description

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

References

https://moodle.org/mod/forum/discuss.php?d=461200

https://bugzilla.redhat.com/show_bug.cgi?id=2304260

Details

Source: Mitre, NVD

Published: 2024-11-11

Updated: 2024-11-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N