CVE-2024-38275
Published: 18 June 2024
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
Priority
Status
| Package | Release | Status |
|---|---|---|
| moodle (Launchpad, Ubuntu, Debian) | bionic | Needs triage |
| | focal | Does not exist |
| | jammy | Does not exist |
| | mantic | Does not exist |
| | noble | Does not exist |
| | upstream | Released (4.4.1, 4.3.5, 4.2.8, 4.1.1) |
| | xenial | Needs triage |

Patches:
upstream: https://git.moodle.org/gw?p=moodle.git;a=commit;h=03cb18d6ff71bc6a06596dcdfb077abed713c678