PT-2024-8634 · Moodle+2
Paul Holden · Published 2024-08-19 · Updated 2025-05-02 · CVE-2024-43427
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 4.4.2
Description
A flaw was found in Moodle where sensitive secrets and keys are not excluded from the export of site administration presets, potentially leading to unintentional leakage if shared with a third party. This issue is related to the unprotected storage of confidential information, which could allow a remote attacker to access sensitive data.
Recommendations
For Moodle versions prior to 4.4.2, upgrade to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the site administration preset export feature to minimize the risk of exploitation. Avoid sharing site administration presets with third parties until the issue is resolved.
Fix
Insecure Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Moodle
Red Os