CVE-2024-38277

EPSS 0.19%
Veröffentlicht 18.06.2024 20:15:14
Zuletzt bearbeitet 07.08.2025 17:24:28
Quelle patrick@puiterwijk.org
CVE-Watchlists
Login
Unerledigt
Login

moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moodle ≫ Moodle Version >= 4.1.0 < 4.1.11

Moodle ≫ Moodle Version >= 4.2.0 < 4.2.8

Moodle ≫ Moodle Version >= 4.3.0 < 4.3.5

Moodle ≫ Moodle Version4.4.0

Fedoraproject ≫ Fedora Version39

Fedoraproject ≫ Fedora Version40

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.406

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-324 Use of a Key Past its Expiration Date

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/

Mailing List

https://moodle.org/mod/forum/discuss.php?d=459502

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38277

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38277

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38277

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-38277