Description

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Remediation

References

CVE-2024-43432

Related Vulnerabilities

Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-1912)

WordPress Plugin RestroPress-Online Food Ordering System Security Bypass (2.8.3)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Request Forgery (2.0.2)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9783)

Severity

Medium

Classification

CVE-2024-43432 CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities