Multiple CSRF Risks Due to Incorrect Token Checks
CVE-2024-38276
8.8 HIGH
What is CVE-2024-38276?
The vulnerability arises from improper checks on CSRF tokens, which can expose vulnerable instances of Moodle to multiple cross-site request forgery (CSRF) attacks. Exploiting this flaw may allow attackers to perform unauthorized actions on behalf of users. It is essential for administrators to review their Moodle installation and implement security best practices to mitigate risks and protect user data. Regularly updating to the latest versions and monitoring official security announcements are recommended to safeguard against such vulnerabilities.
Affected Version(s)
Moodle 4.4
Moodle 4.3 <= 4.3.4
Moodle 4.2 <= 4.2.7