CVE-2024-43427

Published: Nov 11, 2024Modified: May 1, 2025

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.

Affected (4)

Products: Moodle: Moodle

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	Before 4.1.12
Moodle Moodle	From 4.2.0 to 4.2.9
Moodle Moodle	From 4.3.0 to 4.3.6
Moodle Moodle	From 4.4.0 to 4.4.2

Related CWEs

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=2304255

Source: patrick@puiterwijk.org

Permissions Required

https://moodle.org/mod/forum/discuss.php?d=461195

Source: patrick@puiterwijk.org

Vendor Advisory

Timeline

No history available yet.