CVE-2024-34007: Moodle Logout CSRF in admin/tool/mfa/auth.php

May 31, 2024 (updated June 4, 2024)

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.

References

github.com/advisories/GHSA-8g5h-gjwq-w5ch
github.com/moodle/moodle
moodle.org/mod/forum/discuss.php?d=458396
nvd.nist.gov/vuln/detail/CVE-2024-34007

Code Behaviors & Features

Detect and mitigate CVE-2024-34007 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →