GCVE - cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*

part: a version: 4.1.0 update: -

Vendor	Moodle (`1f527b56-744d-5be6-b0f4-b691bd50b8c3`)
Product	Moodle (`221dc9da-2dde-53d2-a358-e0cb5ac858f7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/bitnami/moodle`	purl2cpe	2026-06-01 10:13:14.247527
`pkg:github/moodle/moodle`	purl2cpe	2026-06-01 10:13:14.247529
`pkg:rpm/fedora/moodle`	purl2cpe	2026-06-01 10:13:14.247530
`pkg:rpm/opensuse/moodle`	purl2cpe	2026-06-01 10:13:14.247531

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-38275`	vulnerable	2026-06-08 06:41:44.782408	moodle: HTTP authorization header is preserved between "emulated redirects" The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. Published: 2024-06-18T19:49:26.986Z Updated: 2024-08-02T04:04:25.068Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=459500	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-34003`	vulnerable	2026-06-08 06:37:32.464354	moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backup In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file include. Published: 2024-05-31T20:19:00.553Z Updated: 2024-08-02T02:42:59.891Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=458391	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-34001`	vulnerable	2026-06-08 06:37:32.463064	moodle: CSRF risk in admin preset tool management of presets Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. Published: 2024-05-31T20:06:48.288Z Updated: 2024-08-02T02:42:59.899Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=458389	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33996`	vulnerable	2026-06-08 06:37:32.459062	moodle: broken access control when setting calendar event type Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. Published: 2024-05-31T19:29:07.256Z Updated: 2024-08-02T02:42:59.873Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=458384#p1840909	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28336`	vulnerable	2026-06-08 06:01:10.370880	Moodle: teacher can access names of users they do not have permission to access Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. Published: 2023-03-23T00:00:00.000Z Updated: 2024-08-02T12:38:25.188Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=2179426 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/ https://moodle.org/mod/forum/discuss.php?d=445068	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28335`	vulnerable	2026-06-08 06:01:10.370430	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28334`	vulnerable	2026-06-08 06:01:10.370072	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28333`	vulnerable	2026-06-08 06:01:10.369656	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28332`	vulnerable	2026-06-08 06:01:10.369166	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28331`	vulnerable	2026-06-08 06:01:10.368707	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28330`	vulnerable	2026-06-08 06:01:10.368197	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28329`	vulnerable	2026-06-08 06:01:10.366662	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-23923`	vulnerable	2026-06-08 05:56:04.806512	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-23922`	vulnerable	2026-06-08 05:56:04.806093	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-23921`	vulnerable	2026-06-08 05:56:04.805641	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1402`	vulnerable	2026-06-08 05:52:35.777019	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.