CVE-2024-38275

Опубликовано: 18 июн. 2024

Источник: debian

EPSS Низкий

Описание

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
moodle	removed			package

EPSS

Процентиль: 44%

0.00208

Низкий

Связанные уязвимости

CVE-2024-38275

CVSS3: 7.5

ubuntu

около 1 года назад

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

CVE-2024-38275

CVSS3: 7.5

nvd

около 1 года назад

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

GHSA-p2cj-86v4-7782

CVSS3: 7.5

github

около 1 года назад

Moodle HTTP authorization header is preserved between "emulated redirects"

ROS-20240701-03

CVSS3: 7.4

redos

12 месяцев назад

Множественные уязвимости moodle

EPSS

Процентиль: 44%

0.00208

Низкий