CVE-2024-43427

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2304255	Permissions Required
https://moodle.org/mod/forum/discuss.php?d=461195	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

01 May 2025, 16:07

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2304255 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2304255 - Permissions Required
References	~~() https://moodle.org/mod/forum/discuss.php?d=461195 -~~	() https://moodle.org/mod/forum/discuss.php?d=461195 - Vendor Advisory
First Time		Moodle Moodle moodle
CPE		cpe:2.3:a:moodle:moodle::::::::

12 Nov 2024, 15:35

Type	Values Removed	Values Added
CWE		CWE-922

12 Nov 2024, 13:55

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en Moodle. Al crear una exportación de ajustes preestablecidos de administración del sitio, algunos secretos y claves confidenciales no se excluyen de la exportación, lo que podría provocar que se filtren involuntariamente si los ajustes preestablecidos se comparten con un tercero.

11 Nov 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-11 13:15

Updated : 2025-05-01 16:07

NVD link : CVE-2024-43427

Mitre link : CVE-2024-43427

CVE.ORG link : CVE-2024-43427

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2024-43427", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2024-11-11T13:15:03.530", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304255", "tags": ["Permissions Required"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=461195", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Moodle. Al crear una exportaci\u00f3n de ajustes preestablecidos de administraci\u00f3n del sitio, algunos secretos y claves confidenciales no se excluyen de la exportaci\u00f3n, lo que podr\u00eda provocar que se filtren involuntariamente si los ajustes preestablecidos se comparten con un tercero."}], "lastModified": "2025-05-01T16:07:06.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5532931-0BD7-4522-9641-F0455BB030D8", "versionEndExcluding": "4.1.12"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8D123FB-556C-4602-91CB-ABE6541079F3", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA8C381-9493-42BD-A5EA-7AADFAB68C5E", "versionEndExcluding": "4.3.6", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277E1058-2F00-45DB-8BFC-2628CCC89981", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}