Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Cleartext Transmission of Sensitive Information Vulnerability - CVE-2024-43432 - Vulnerability Database
Moodle

Moodle Cleartext Transmission of Sensitive Information Vulnerability - CVE-2024-43432

Medium
Reference: CVE-2024-43432
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-43432
Title: Moodle Cleartext Transmission of Sensitive Information Vulnerability
Overview:

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects but retains other original request headers so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.