CVE-2024-43427: Moodle admin presets export tool includes some secrets that should not be exported

November 11, 2024 (updated November 12, 2024)

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.

References

bugzilla.redhat.com/show_bug.cgi?id=2304255
github.com/advisories/GHSA-vpq5-56jj-vf2m
github.com/moodle/moodle
moodle.org/mod/forum/discuss.php?d=461195
nvd.nist.gov/vuln/detail/CVE-2024-43427

Code Behaviors & Features

Detect and mitigate CVE-2024-43427 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →