4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-32472

GHSA ID

GHSA-454r-jccq-96q8

EPSS Score

0.5903%

CWE

CWE-200

Published

3/12/2022

Updated

4/23/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-32472

CVE-2021-32472: Moodle Exposure of Sensitive Information to an Unauthorized Actor

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-32472

GHSA ID

GHSA-454r-jccq-96q8

EPSS Score

0.5903%

CWE

CWE-200

Published

3/12/2022

Updated

4/23/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
moodle/moodle	composer	>= 3.8.0, < 3.8.9	3.8.9
moodle/moodle	composer	>= 3.9.0, < 3.9.7	3.9.7
moodle/moodle	composer	>= 3.10.0, < 3.10.4	3.10.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing authorization checks during forum CSV exports. Key indicators:

CWE-862 (Missing Authorization) implies a failure to validate course-specific permissions
The export functionality would logically reside in dedicated export handlers (mod/forum/classes/external/export.php) and core forum libraries
Moodle's architecture typically uses capability checks in context-bound functions - the absence of context-aware checks (e.g. require_capability('mod/forum:exportforum', $context)) would explain cross-course access
The patch versions' release notes and tracker reference (MDL-71359) suggest authorization logic was added to export workflows While exact pre-patch code isn't available, Moodle's modular structure and vulnerability pattern strongly implicate these core forum export functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T*****rs *xportin* * *orum in *SV *orm*t *oul* r***iv* * *SV o* *orums *rom *ll *ours*s in som* *ir*umst*n**s. Moo*l* v*rsions *.** to *.**.*, *.* to *.*.* *n* *.* to *.*.* *r* *****t**.

Reasoning

T** vuln*r**ility st*ms *rom missin* *ut*oriz*tion ****ks *urin* *orum *SV *xports. K*y in*i**tors: *. *W*-*** (Missin* *ut*oriz*tion) impli*s * **ilur* to v*li**t* *ours*-sp**i*i* p*rmissions *. T** *xport *un*tion*lity woul* lo*i**lly r*si** in ***

4.3

Basic Information

Concerned about an active attack path?

CVE-2021-32472: Moodle Exposure of Sensitive Information to an Unauthorized Actor

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI