CVE-2024-38275
June 18, 2024, 8:15 p.m.
Tags
Product(s) Impacted
Moodle
Description
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
Weaknesses
CWE-226
Sensitive Information in Resource Not Removed Before Reuse
The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
CWE ID: 226Date
Published: June 18, 2024, 8:15 p.m.
Last Modified: June 18, 2024, 8:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
patrick@puiterwijk.org
References
patrick@puiterwijk.org