CVE-2024-43432 Information

Description

A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects but retains other original request headers so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2304260 https://moodle.org/mod/forum/discuss.php?d=461200