Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2024-43432

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

  • Published: Nov 11, 2024
  • Updated: May 2, 2025
  • CVE: CVE-2024-43432
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
moodle / moodle - 4.1.12
moodle / moodle 4.2.0 4.2.9
moodle / moodle 4.3.0 4.3.6
moodle / moodle 4.4.0 4.4.2