CVE-2024-33999

Name of the Vulnerable Software and Affected Versions Moodle (affected versions not specified)

Description The issue arises from the unsafe direct use of the HTTP REFERER variable in the admin/tool/mfa/index.php file. Specifically, the referrer URL used by Multi-Factor Authentication (MFA) required additional sanitizing rather than being used directly. This could potentially lead to security issues, although the exact nature and impact are not detailed in the provided information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.