Headline

GHSA-r82w-3phg-qvr4: Moodle uses the same key for QR login and auto-login

A unique key should be generated for a user’s QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

1 year ago

ghsa

Open in Source

#vulnerability #git

Navigation Menu

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- GitHub Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

- Enterprise platform
  
  AI-powered developer platform

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
CVE-2024-38277

Moodle uses the same key for QR login and auto-login

Moderate severity GitHub Reviewed Published Jun 18, 2024 to the GitHub Advisory Database • Updated Jun 18, 2024

Package

composer moodle/moodle (Composer)

Affected versions

>= 4.4.0-beta, < 4.4.1

>= 4.3.0-beta, < 4.3.5

>= 4.2.0-beta, < 4.2.8

< 4.1.11

Patched versions

4.4.1

4.3.5

4.2.8

4.1.11

Description

Published to the GitHub Advisory Database

Jun 18, 2024

Last updated

Jun 18, 2024

ghsa: Latest News

GHSA-r399-636x-v7f6: LangChain serialization injection vulnerability enables secret extraction

12 hours ago

ghsa

GHSA-hm5p-x4rq-38w4: httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

13 hours ago

ghsa

GHSA-c67j-w6g6-q2cm: LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

13 hours ago

ghsa

GHSA-pp3g-xmm4-5cw9: Home Assistant Core before is vulnerable to Directory Traversal

14 hours ago

ghsa

GHSA-qx44-p258-3c2v: Cadmium CMS has a background arbitrary file upload vulnerability

14 hours ago

ghsa