IsItPatchedInstant security status for any software version
← All products

CVE-2024-38275

HIGH severity · CVSS 7.5 · CWE-226
7.5CVSS HIGH

Summary

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)1%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products we track (1)

Moodle

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

Last checked: Wed, 10 Jun 2026 22:18:30 UTC