CVE-2024-38275

June 18, 2024, 8:15 p.m.

Tags

patrick@puiterwijk.org
2024-06-18
CVE-2024-38275
CWE-226

Product(s) Impacted

Moodle

Description

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Weaknesses

CWE-226
Sensitive Information in Resource Not Removed Before Reuse

The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

CWE ID: 226

Date

Published: June 18, 2024, 8:15 p.m.

Last Modified: June 18, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

patrick@puiterwijk.org

References

https://moodle.org/mod/forum/discuss.php?d=459500
patrick@puiterwijk.org