Cross-Site Request Forgery Vulnerability in Moodle's Feedback Module
CVE-2024-43434

8.1 HIGH

Key Information:

Vendor: Moodle
CVE Published: 7 November 2024

What is CVE-2024-43434?

The Moodle Feedback module has a bulk message sending capability in its non-respondents report. An incorrect check of the CSRF token can lead to unauthorized requests being processed, which attackers can exploit for malicious activities such as sending unsolicited messages or altering user interactions without consent.


CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
