Moderate severityNVD Advisory· Published Jun 18, 2024· Updated Mar 26, 2025
moodle: CSRF risks due to misuse of confirm_sesskey
CVE-2024-38276
Description
Incorrect CSRF token checks resulted in multiple CSRF risks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 4.4.0-beta, < 4.4.1 | 4.4.1 |
moodle/moodlePackagist | >= 4.3.0-beta, < 4.3.5 | 4.3.5 |
moodle/moodlePackagist | >= 4.2.0-beta, < 4.2.8 | 4.2.8 |
moodle/moodlePackagist | < 4.1.11 | 4.1.11 |
Affected products
3- osv-coords2 versions
< 4.1.10+ 1 more
- (no CPE)range: < 4.1.10
- (no CPE)range: >= 4.4.0-beta, < 4.4.1
Patches
Vulnerability mechanics
References
23- github.com/advisories/GHSA-356g-7x36-7m34ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-38276ghsaADVISORY
- github.com/moodle/moodle/commit/093aedf79889114d004495f05969168b646b0285ghsaWEB
- github.com/moodle/moodle/commit/137d311fd1354c679b974633512a771e6e0559a1ghsaWEB
- github.com/moodle/moodle/commit/30fadc3686fa7490860a0bd87a29636139dfb371ghsaWEB
- github.com/moodle/moodle/commit/31ced0851189a6879e4cd27c7e65d21dd9d6e87eghsaWEB
- github.com/moodle/moodle/commit/57f20b6cb352893871c3afdfa8a4c09a96e16764ghsaWEB
- github.com/moodle/moodle/commit/756090ed79aa056d0b5f58e7a1dff67f139f76b4ghsaWEB
- github.com/moodle/moodle/commit/9af9711c0a78ebad87d49bcb369ff813bc57d0a7ghsaWEB
- github.com/moodle/moodle/commit/a0d8c025f732d5c18a2b9d1a8e5cbee35dce86f4ghsaWEB
- github.com/moodle/moodle/commit/c18b59808cefe7b54c85dce6bf2cc71601080667ghsaWEB
- github.com/moodle/moodle/commit/c1aacb3e2884ea4dcc221c5ef2e449ce345f78aeghsaWEB
- github.com/moodle/moodle/commit/c5b1604e8136db6d72057dd8052955058489206cghsaWEB
- github.com/moodle/moodle/commit/da8e8cee6ffaf7c184eded97e1016f20c9de0561ghsaWEB
- github.com/moodle/moodle/commit/dc84fcfab06a4a0fe37797b8422e9fe3a1031c3eghsaWEB
- github.com/moodle/moodle/commit/e1dab5f38166a2ff62983178f7bf8f0ed3a61090ghsaWEB
- github.com/moodle/moodle/commit/e23f603c41055ab92f9b430cf0e7a54b4e120f95ghsaWEB
- github.com/moodle/moodle/commit/f2807dee5bc777d9c58b7a70cba6e4c21ee02ea1ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7EghsaWEB
- moodle.org/mod/forum/discuss.phpghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/mitre
News mentions
0No linked articles in our index yet.