CVE-2024-43427
low-risk
Published 2024-11-11
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.
Do I need to act?
-
0.63% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10
Low
NETWORK
/ HIGH complexity
Affected Products (1)
Affected Vendors
References (2)
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=2304255
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=461195
20
/ 100
low-risk
Severity
13/34 · Low
Exploitability
2/34 · Minimal
Exposure
5/34 · Minimal