How severe is CVE-2024-38275?

CVE-2024-38275 has a CVSS v3 score of 7.5 (HIGH).

CVE-2024-38275

Name: moodle
Author: moodle

7.5HIGH

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Опубликовано: 6/18/2024Обновлено: 4/30/2025

Описание

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

ИИ-АнализНа базе ИИ

Затронутые продукты

moodlemoodle

4.4.0

Ссылки

https://moodle.org/mod/forum/discuss.php?d=459500
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=459500
Vendor Advisory