CVE-2024-43427
Moodle: admin presets export tool includes some secrets that should not be exported
3.7
LOW
CVSS 3.1
EPSS 0.63%
Description
A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.
How to fix CVE-2024-43427
To remediate CVE-2024-43427, upgrade the affected package to a fixed version below.
- —upgrade to 4.1.12 or later
- —upgrade to 4.4.2 or later
Is CVE-2024-43427 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.1.12, >= 4.2.0, < 4.2.9, >= 4.3.0, < 4.3.6, >= 4.4.0, < 4.4.2
- >= 4.4.0, < 4.4.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
| osv | CVSS 3.1 | LOW3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |