CVE-2024-43434

{"id": "CVE-2024-43434", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-11-07T14:15:16.067", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304262", "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=461203", "source": "patrick@puiterwijk.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability."}, {"lang": "es", "value": "La funci\u00f3n de env\u00edo masivo de mensajes en el informe de no respuestas del m\u00f3dulo de comentarios de Moodle ten\u00eda una verificaci\u00f3n de token CSRF incorrecta, lo que generaba una vulnerabilidad CSRF."}], "lastModified": "2024-11-08T19:01:03.880", "sourceIdentifier": "patrick@puiterwijk.org"}