BIT-moodle-2024-43432
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2024-43432.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-moodle-2024-43432
- Aliases
- Published
- 2025-05-02T06:18:52.499Z
- Modified
- 2025-05-20T10:02:07.006Z
- Summary
- Moodle: authorization headers preserved between "emulated redirects"
- Details
-
A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
- Database specific
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*" ] }- References
Affected packages
Bitnami / moodle
Package
- Name
- moodle
- Purl
- pkg:bitnami/moodle
Severity
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator