CVE-2024-34006: Moodle Unsanitized HTML in site log for config_log_created

May 31, 2024 (updated June 4, 2024)

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

References

github.com/advisories/GHSA-vvh5-7v3m-j3mj
github.com/moodle/moodle
moodle.org/mod/forum/discuss.php?d=458395
nvd.nist.gov/vuln/detail/CVE-2024-34006

Code Behaviors & Features

Detect and mitigate CVE-2024-34006 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →