CVE-2024-43434
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Nov 7, 2024
Updated: Nov 8, 2024
CWE ID 22
Summary
CVE-2024-43434 is a newly disclosed vulnerability affecting the non-respondents report in Moodle's Feedback module. The issue resides in the bulk message sending feature, which incorrectly implements CSRF token checks. Consequently, an attacker could use specially crafted requests to manipulate users into performing unintended actions, such as sending messages on their behalf. This flaw poses a significant risk to Moodle users and demands immediate patching to prevent potential data breaches or unauthorized actions.