How severe is CVE-2024-38275?

CVE-2024-38275 has a CVSS v3 score of 7.5 (HIGH).

CVE-2024-38275

Name: moodle
Author: moodle

7.5HIGH

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Veröffentlicht: 6/18/2024Aktualisiert: 4/30/2025

Beschreibung

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

KI-AnalyseKI-gestützt

Betroffene Produkte

moodlemoodle

4.4.0

Referenzen

https://moodle.org/mod/forum/discuss.php?d=459500
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=459500
Vendor Advisory