Base Score

HIGH8.1

CVE-2024-43434

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.

VectorNETWORK

Published Bypatrick@puiterwijk.org

Published DateNov 07, 2024, 14:15

Affected Versions(4)

moodle/moodle(Packagist)

Introduced0

Fixed4.1.12

LimitN/A

moodle/moodle(Packagist)

Introduced4.2.0-beta

Fixed4.2.9

LimitN/A

moodle/moodle(Packagist)

Introduced4.3.0-beta

Fixed4.3.6

LimitN/A

moodle/moodle(Packagist)

Introduced4.4.0-beta

Fixed4.4.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
moodle/moodle(Packagist)	0	4.1.12	N/A
moodle/moodle(Packagist)	4.2.0-beta	4.2.9	N/A
moodle/moodle(Packagist)	4.3.0-beta	4.3.6	N/A
moodle/moodle(Packagist)	4.4.0-beta	4.4.2	N/A

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

Base Score

HIGH8.1

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE