Description

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.

Remediation

References

CVE-2024-43427

Related Vulnerabilities

MySQL Resource Management Errors Vulnerability (CVE-2010-3678)

easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27739)

WordPress Plugin bbPress Cross-Site Scripting (2.5.6)

WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Local File Inclusion (1.3.6.2)

PHP Double Free Vulnerability (CVE-2019-11049)

Severity

Low

Classification

CVE-2024-43427 CWE-922 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities