CVE-2024-34006

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://moodle.org/mod/forum/discuss.php?d=458395	Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=458395	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

30 May 2025, 16:48

Type	Values Removed	Values Added
References	~~() https://moodle.org/mod/forum/discuss.php?d=458395 -~~	() https://moodle.org/mod/forum/discuss.php?d=458395 - Vendor Advisory
First Time		Moodle moodle Moodle
CPE		cpe:2.3:a:moodle:moodle::::::::

21 Nov 2024, 09:17

Type	Values Removed	Values Added
References	~~() https://moodle.org/mod/forum/discuss.php?d=458395 -~~	() https://moodle.org/mod/forum/discuss.php?d=458395 -

03 Jul 2024, 01:59

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3

03 Jun 2024, 14:46

Type	Values Removed	Values Added
Summary		(es) El informe de registro del sitio requirió codificación adicional de las descripciones de eventos para garantizar que cualquier HTML en el contenido se muestre en texto plano en lugar de representarse.

31 May 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-31 21:15

Updated : 2025-05-30 16:48

NVD link : CVE-2024-34006

Mitre link : CVE-2024-34006

CVE.ORG link : CVE-2024-34006

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-838

Inappropriate Encoding for Output Context

{"id": "CVE-2024-34006", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-05-31T21:15:09.533", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=458395", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=458395", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-838"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-838"}]}], "descriptions": [{"lang": "en", "value": "The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered."}, {"lang": "es", "value": "El informe de registro del sitio requiri\u00f3 codificaci\u00f3n adicional de las descripciones de eventos para garantizar que cualquier HTML en el contenido se muestre en texto plano en lugar de representarse."}], "lastModified": "2025-05-30T16:48:15.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "181FEE3D-2D75-4269-A095-C555B313E159", "versionEndExcluding": "4.1.10"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3309504-72F2-4154-AF1C-57797BFEA31B", "versionEndExcluding": "4.2.7", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE7100F0-5F88-497E-A04D-071DFEE765C6", "versionEndExcluding": "4.3.4", "versionStartIncluding": "4.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}