Description

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Remediation

References

CVE-2024-43432

Related Vulnerabilities

Apache Tomcat Improper Locking Vulnerability (CVE-2019-10072)

Squid Out-of-bounds Read Vulnerability (CVE-2023-49285)

MediaWiki Improper Authentication Vulnerability (CVE-2021-36128)

WordPress Plugin Amazon Tools Cross-Site Scripting (1.7.2)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)

Severity

Medium

Classification

CVE-2024-43432 CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities