CVE-2024-43429

A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the "view hidden user fields" capability having access to the information.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2304257	Permissions Required
https://moodle.org/mod/forum/discuss.php?d=461197	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

01 May 2025, 16:07

Type	Values Removed	Values Added
CPE		cpe:2.3:a:moodle:moodle::::::::
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2304257 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2304257 - Permissions Required
References	~~() https://moodle.org/mod/forum/discuss.php?d=461197 -~~	() https://moodle.org/mod/forum/discuss.php?d=461197 - Vendor Advisory
First Time		Moodle Moodle moodle

Information

Published : 2024-11-11 13:15

Updated : 2025-05-01 16:07

NVD link : CVE-2024-43429

Mitre link : CVE-2024-43429

CVE.ORG link : CVE-2024-43429

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2024-43429", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-11-11T13:15:03.880", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304257", "tags": ["Permissions Required"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=461197", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the \"view hidden user fields\" capability having access to the information."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Moodle. Algunos campos de perfil de usuario ocultos son visibles en los informes del libro de calificaciones, lo que podr\u00eda provocar que los usuarios sin la capacidad de \"ver campos de usuario ocultos\" tengan acceso a la informaci\u00f3n."}], "lastModified": "2025-05-01T16:07:22.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5532931-0BD7-4522-9641-F0455BB030D8", "versionEndExcluding": "4.1.12"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8D123FB-556C-4602-91CB-ABE6541079F3", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA8C381-9493-42BD-A5EA-7AADFAB68C5E", "versionEndExcluding": "4.3.6", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277E1058-2F00-45DB-8BFC-2628CCC89981", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}