Moodle 4.4.0
Approved changes feed: RSS · Atom
cpe:2.3:a:moodle:moodle:4.4.0:*:*:*:*:*:*:*
part: a version: 4.4.0 update: *
| Vendor | Moodle (1f527b56-744d-5be6-b0f4-b691bd50b8c3) |
|---|---|
| Product | Moodle (221dc9da-2dde-53d2-a358-e0cb5ac858f7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/bitnami/moodle |
purl2cpe | 2026-06-01 10:13:14.247836 |
pkg:github/moodle/moodle |
purl2cpe | 2026-06-01 10:13:14.247837 |
pkg:rpm/fedora/moodle |
purl2cpe | 2026-06-01 10:13:14.247838 |
pkg:rpm/opensuse/moodle |
purl2cpe | 2026-06-01 10:13:14.247840 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-38277 |
vulnerable | 2026-06-08 06:41:44.785396 |
moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
Published: 2024-06-18T19:49:52.092Z
Updated: 2025-02-13T17:53:03.298Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38276 |
vulnerable | 2026-06-08 06:41:44.784983 |
moodle: CSRF risks due to misuse of confirm_sesskey
Incorrect CSRF token checks resulted in multiple CSRF risks.
Published: 2024-06-18T19:49:40.339Z
Updated: 2025-03-26T13:51:51.231Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38275 |
vulnerable | 2026-06-08 06:41:44.784385 |
moodle: HTTP authorization header is preserved between "emulated redirects"
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
Published: 2024-06-18T19:49:26.986Z
Updated: 2024-08-02T04:04:25.068Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38274 |
vulnerable | 2026-06-08 06:41:44.780292 |
moodle: stored XSS via calendar's event title when deleting the event
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
Published: 2024-06-18T19:49:15.739Z
Updated: 2025-02-13T17:53:02.117Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-38273 |
vulnerable | 2026-06-08 06:41:44.778256 |
moodle: BigBlueButton web service leaks meeting joining information to users who should not have access
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
Published: 2024-06-18T19:49:02.639Z
Updated: 2025-02-13T17:53:01.350Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.