
CVE-2024-34009 moodle/moodle

Package

Manager: composer
Name: moodle/moodle
Vulnerable Version: >=4.3.0 <4.3.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00085 (percentile: 0.25496)

Details

Moodle ReCAPTCHA can be bypassed on the login page

Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.

Metadata

Created: 2024-05-31T21:30:55Z
Modified: 2024-08-02T15:59:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-gwf6-q6c2-94p3/GHSA-gwf6-q6c2-94p3.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-gwf6-q6c2-94p3
Finding: F184
Auto approve: 1