In Moodle a low severity vulnerability CVE-2024-38274 was detected. This issue allows harmful code to be stored in calendar event titles, posing a risk when deleting events due to improper handling of user input. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38274/.
In Moodle versions distributed by Ubuntu, a medium severity vulnerability was detected. It involves the use of cryptographic keys or passwords beyond their expiration date. This oversight extends the window during which these credentials could be vulnerable to cracking attacks, emphasizing the critical need for timely key and password management to uphold robust security measures. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38277/.
In Moodle CMS version 3.10 a low severity vulnerability CVE-2024-37674 was detected. This vulnerability allows a remote attacker to run any code they want through the name parameter when creating a new activity. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37674/.
In Moodle versions from 4.0 through 4.3.3, from 4.2 through 4.2.6, and from 4.1 through 4.1.9 a medium severity vulnerability CVE-2024-34008 was detected. Admin actions for managing analytics models lacked the token needed to prevent CSRF risks. CSRF involves unauthorized requests made on behalf of a user without their consent. There is no proper solution yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34008.
In Moodle versions from 4.3 to 4.3.3 a medium severity vulnerability CVE-2024-34009 was detected. ReCAPTCHA on the login page can be bypassed due to insufficient validation checks, although this issue does not affect other pages. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34009/.
In MOODLE version 3.10.9 a medium severity vulnerability CVE-2024-29374 was detected. Due to this bug, certain website links could be used by attackers to run harmful scripts in your browser, potentially causing harm, so avoid clicking on suspicious links until a fix is provided. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29374/.
In Moodle version 4.3.3 a medium severity vulnerability CVE-2024-28593 was detected. The Chat activity allows students to insert a potentially unwanted HTML A element, IMG element, or HTML content that leads to performance degradation. The vendor’s Using_Chat page says “If you know some HTML code, you can use it in your text to do things like insert images, play sounds, or create different colored and sized text.” This page also says “Chat is due to be removed from standard Moodle.” For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-28593/.