Vulnerability Details CVE-2024-38277
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.5%
CVSS Severity
CVSS v3 Score 5.4
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
- https://moodle.org/mod/forum/discuss.php?d=459502
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
- https://moodle.org/mod/forum/discuss.php?d=459502
Products affected by CVE-2024-38277
-
cpe:2.3:a:moodle:moodle:4.1.0
-
cpe:2.3:a:moodle:moodle:4.1.1
-
cpe:2.3:a:moodle:moodle:4.1.10
-
cpe:2.3:a:moodle:moodle:4.1.3
-
cpe:2.3:a:moodle:moodle:4.1.4
-
cpe:2.3:a:moodle:moodle:4.1.5
-
cpe:2.3:a:moodle:moodle:4.1.6
-
cpe:2.3:a:moodle:moodle:4.1.8
-
cpe:2.3:a:moodle:moodle:4.1.9
-
cpe:2.3:a:moodle:moodle:4.2.0
-
cpe:2.3:a:moodle:moodle:4.2.1
-
cpe:2.3:a:moodle:moodle:4.2.2
-
cpe:2.3:a:moodle:moodle:4.2.3
-
cpe:2.3:a:moodle:moodle:4.2.4
-
cpe:2.3:a:moodle:moodle:4.2.5
-
cpe:2.3:a:moodle:moodle:4.2.6
-
cpe:2.3:a:moodle:moodle:4.2.7
-
cpe:2.3:a:moodle:moodle:4.3.0
-
cpe:2.3:a:moodle:moodle:4.3.1
-
cpe:2.3:a:moodle:moodle:4.3.2
-
cpe:2.3:a:moodle:moodle:4.3.3
-
cpe:2.3:a:moodle:moodle:4.3.4
-
cpe:2.3:a:moodle:moodle:4.4.0
-
cpe:2.3:o:fedoraproject:fedora:39
-
cpe:2.3:o:fedoraproject:fedora:40