Home > Vulnerability Database > CVE-2024-38275

Mend.io Vulnerability Database

CVE-2024-38275

Date: June 18, 2024

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Language: PHP

Severity Score

7.5

Related Resources (8)

Url: https://moodle.org/mod/forum/discuss.php?d=459500

Url: https://github.com/moodle/moodle/commit/f7988538b2208c55f2c40ce4f0815901dc88049b

Url: https://github.com/moodle/moodle/commit/0df3c5837a592e6663c4d531ff6a1f776bc2f785

Url: https://github.com/moodle/moodle

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-38275

Url: https://github.com/moodle/moodle/commit/3e38c84315a7991ce5ef5f241f5e873b5ca24f01

Url: https://github.com/moodle/moodle/commit/836b2c23a210317d130017d77bb64e3b510869a9

Url: https://www.mend.io/vulnerability-database/CVE-2024-38275

Severity Score

7.5

Weakness Type (CWE)

Sensitive Information in Resource Not Removed Before Reuse

CWE-226

Incomplete Cleanup

CWE-459

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-38275

Date: June 18, 2024

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?