CVE-2024-34008: Moodle CSRF risk in analytics management of models

May 31, 2024 (updated June 4, 2024)

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.

References

github.com/advisories/GHSA-68x5-4jg5-gjgg
github.com/moodle/moodle
moodle.org/mod/forum/discuss.php?d=458397
nvd.nist.gov/vuln/detail/CVE-2024-34008

Code Behaviors & Features

Detect and mitigate CVE-2024-34008 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →