CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-38276: moodle: CSRF risks due to misuse of confirm_sesskey
Description
Incorrect CSRF token checks resulted in multiple CSRF risks.
Classification
CVE ID: CVE-2024-38276
Affected Products
Vendor: Moodle
Product: Moodle
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.06% (probability of being exploited)
EPSS Percentile: 29.7% (scored less or equal to compared to others)
EPSS Date: 2025-03-14 (when was this score calculated)
References
https://moodle.org/mod/forum/discuss.php?d=459501https://lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
https://lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/