CVE-2024-38275

June 18, 2024, 8:15 p.m.

None
No Score

Description

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Product(s) Impacted

Product Versions
Moodle

Weaknesses

CWE-226
Sensitive Information in Resource Not Removed Before Reuse
The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

References

https://moodle.org/mod/forum/discuss.php?d=459500

Tags

patrick@puiterwijk.org
2024-06-18
CVE-2024-38275
CWE-226

Date

  • Published: June 18, 2024, 8:15 p.m.
  • Last Modified: June 18, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

patrick@puiterwijk.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.