
CVE-2024-34007: Moodle Logout CSRF in admin/tool/mfa/auth.php

CVSS Score: 8.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.71264%
Published: 5/31/2024
Updated: 6/4/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: moodle/moodle
Ecosystem: composer
Vulnerable Versions: >= 4.3.0, < 4.3.4
First Patched Version: 4.3.4

Vulnerability Intelligence

Root Cause Analysis

  1. The vulnerability explicitly concerns missing CSRF protection in MFA logout.
  2. Moodle's standard CSRF prevention uses require_sesskey() checks for state-changing actions.
  3. The affected file path admin/tool/mfa/auth.php indicates the logout handler resides here.
  4. While exact function names aren't provided, the logout functionality in this file would logically process logout requests without token validation before patching.
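The pattern the analysis describes, as an added illustration that is not Moodle's actual admin/tool/mfa/auth.php code: a logout branch that ends the session on request, shown first without and then with Moodle's standard sesskey check. The `logout` parameter name, the function names `mfa_logout_unchecked`, `mfa_logout_checked` and `mfa_logout_url`, and the overall handler shape are assumptions; `require_login()`, `optional_param()`, `require_sesskey()`, `sesskey()`, `require_logout()`, `redirect()` and `moodle_url` are Moodle's public API.

```php
<?php
// Added illustration, not Moodle's real auth.php. The 'logout' parameter name
// and the handler shape are assumptions; the Moodle API calls are real.
require(__DIR__ . '/../../../config.php');

require_login(null, false);

$logout = optional_param('logout', 0, PARAM_BOOL);

// --- Vulnerable pattern (pre-4.3.4 behaviour as the CVE describes it) ---
// Any request carrying logout=1 ends the session. No per-session token is
// checked, so a link or hidden form on a third-party site can trigger it while
// the victim's browser still sends the Moodle session cookie.
function mfa_logout_unchecked(bool $logout): void {
    if ($logout) {
        require_logout();
        redirect(new moodle_url('/login/index.php'));
    }
}

// --- Hardened pattern ---
// require_sesskey() compares the 'sesskey' request parameter with the secret
// held in the user's session and aborts with an exception when it is missing
// or wrong. A cross-site request cannot know that secret, so it never reaches
// require_logout().
function mfa_logout_checked(bool $logout): void {
    if ($logout) {
        require_sesskey();
        require_logout();
        redirect(new moodle_url('/login/index.php'));
    }
}

// The legitimate logout link must carry the token, otherwise the check above
// would also reject the user's own click.
function mfa_logout_url(): moodle_url {
    return new moodle_url('/admin/tool/mfa/auth.php',
        ['logout' => 1, 'sesskey' => sesskey()]);
}

mfa_logout_checked($logout);
```

A practical audit check for this bug class is to review a plugin's page scripts for state-changing calls (here `require_logout()`) that are not preceded by `require_sesskey()` or `confirm_sesskey()`, and to confirm that every link or form targeting such a handler includes `sesskey()` in its parameters.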

Vulnerable functions


WAF Protection Rules

WAF Rule

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.
