How severe is CVE-2024-38275?

CVE-2024-38275 has a CVSS v3 score of 7.5 (HIGH).

CVE-2024-38275

Name: moodle
Author: moodle

7.5HIGH

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Publicado: 6/18/2024Atualizado: 4/30/2025

Descrição

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Análise IADesenvolvido por IA

Produtos Afetados

moodlemoodle

4.4.0

Referências

https://moodle.org/mod/forum/discuss.php?d=459500
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=459500
Vendor Advisory