Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43434", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-08-13T07:15:00.598Z", "datePublished": "2024-11-07T13:28:27.671Z", "dateUpdated": "2024-11-07T15:56:27.455Z"}, "containers": {"cna": {"title": "Moodle: csrf risk in feedback non-respondents report", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "4.1.12", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThan": "4.2.9", "versionType": "semver"}, {"status": "affected", "version": "4.3", "lessThan": "4.3.6", "versionType": "semver"}, {"status": "affected", "version": "4.4", "lessThan": "4.4.2", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://github.com/moodle/moodle", "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304262", "name": "RHBZ#2304262", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=461203"}], "datePublic": "2024-08-19T04:00:00+00:00", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-08-12T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-08-19T04:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-11-07T13:28:27.671Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "affected": [{"vendor": "moodle", "product": "moodle", "cpes": ["cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.1.12", "versionType": "semver"}, {"version": "4.2", "status": "affected", "lessThan": "4.2.9", "versionType": "semver"}, {"version": "4.3", "status": "affected", "lessThan": "4.3.6", "versionType": "semver"}, {"version": "4.4", "status": "affected", "lessThan": "4.4.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-07T14:40:44.970094Z", "id": "CVE-2024-43434", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T15:56:27.455Z"}}]}} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat