CVE-2024-43434

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-43434

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43434.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43434

Aliases

Downstream

UBUNTU-CVE-2024-43434

Published

2024-11-07T14:15:16.067Z

Modified

2026-04-10T05:16:22.230433Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

Fixed

aea9770cfc7d003a737f4899489d1e3982efe9ac

Introduced

ae4efa96ee8169a848c141ad21690165ea791552

Fixed

62c1f37d409241624a6b69119c754dcc3664b0ce

Introduced

fe7aff8093240cc373f1ddaa66ecb91c4bc0a09f

Fixed

fcf23db6be03ebe13077f881f0b4cf8757984452

Introduced

ee91c6536f99e1633e2245780c4fe7f47340ed66

Fixed

cc2edf3b8ccaa116e19ea2bb5daec7ed8adb3acd

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.1.12"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.9"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.3.6"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.2"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.1

v2.1.0

v2.2.0

v2.2.0-beta

v2.2.0-rc1

v2.3.0

v2.3.0-beta

v2.3.0-rc1

v2.4.0

v2.4.0-beta

v2.4.0-rc1

v2.5.0

v2.5.0-beta

v2.5.0-rc1

v2.6.0

v2.6.0-beta

v2.6.0-rc1

v2.7.0

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.8.0

v2.8.0-beta

v2.8.0-rc1

v2.8.0-rc2

v2.9.0

v2.9.0-beta

v2.9.0-rc1

v2.9.0-rc2

v3.*

v3.0.0

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.2.0

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.3.0

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.4.0

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.5.0

v3.5.0-beta

v3.5.0-rc1

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.7.0

v3.7.0-beta

v3.7.0-rc1

v3.7.0-rc2

v3.8.0

v3.8.0-beta

v3.8.0-rc1

v3.9.0

v3.9.0-beta

v3.9.0-rc1

v3.9.0-rc2

v3.9.0-rc3

v4.*

v4.0.0

v4.0.0-beta

v4.0.0-rc1

v4.0.0-rc2

v4.0.0-rc3

v4.0.0-rc4

v4.1.0

v4.1.0-beta

v4.1.0-rc1

v4.1.0-rc2

v4.1.0-rc3

v4.1.1

v4.1.10

v4.1.11

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.2.7

v4.2.8

v4.3.0

v4.3.1

v4.3.2

v4.3.3

v4.3.4

v4.3.5

v4.4.0

v4.4.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43434.json"