CVE-2024-43427

Moodle: admin presets export tool includes some secrets that should not be exported

CVSS 3.7 LOWEPSS 0.3%CWE-922

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Nov 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

moodle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.redhat.com/show_bug.cgi?id=2304255 https://moodle.org/mod/forum/discuss.php?d=461195