← Back to CVEs
CVE-2024-43427
LOW3.7
Description
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.
CVE Details
CVSS v3.1 Score3.7
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published11/11/2024
Last Modified5/1/2025
Sourcenvd
Honeypot Sightings0
Affected Products
moodle:moodle
Weaknesses (CWE)
CWE-922
References
https://bugzilla.redhat.com/show_bug.cgi?id=2304255(patrick@puiterwijk.org)
https://moodle.org/mod/forum/discuss.php?d=461195(patrick@puiterwijk.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.