Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-38275


The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.


Published

2024-06-18T20:15:13.970

Last Modified

2025-04-30T23:35:59.790

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-226
  • Type: Primary
    CWE-459

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application moodle moodle < 4.1.11 Yes
Application moodle moodle < 4.2.8 Yes
Application moodle moodle < 4.3.5 Yes
Application moodle moodle 4.4.0 Yes

References