CVE-2024-38277 - Vulnerability Details - OpenCVE

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fedoraproject	Fedora
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle:4.4.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
https://moodle.org/mod/forum/discuss.php?d=459502

History

Thu, 07 Aug 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fedoraproject Fedoraproject fedora Moodle Moodle moodle
CPEs		cpe:2.3:a:moodle:moodle:::::::: cpe:2.3:a:moodle:moodle:4.4.0:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::*
Vendors & Products		Fedoraproject Fedoraproject fedora Moodle Moodle moodle

Wed, 04 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-326
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-06-18T19:49:52.092Z

Updated: 2025-02-13T17:53:03.298Z

Reserved: 2024-06-12T14:08:44.048Z

Link: CVE-2024-38277

Vulnrichment

Updated: 2024-08-02T04:04:25.111Z

NVD

Status : Analyzed

Published: 2024-06-18T20:15:14.210

Modified: 2025-08-07T17:24:28.743

Link: CVE-2024-38277

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-38277", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-06-12T14:08:44.048Z", "datePublished": "2024-06-18T19:49:52.092Z", "dateUpdated": "2025-02-13T17:53:03.298Z"}, "containers": {"cna": {"title": "moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys", "datePublic": "2024-06-18T17:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-324", "description": "CWE-324", "type": "CWE"}]}], "affected": [{"vendor": "Moodle", "product": "Moodle", "versions": [{"status": "affected", "version": "4.4", "versionType": "semver"}, {"status": "affected", "version": "4.3", "lessThanOrEqual": "4.3.4", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThanOrEqual": "4.2.7", "versionType": "semver"}, {"status": "affected", "version": "4.1", "lessThanOrEqual": "4.1.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<pre><pre><pre>A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.</pre></pre></pre><br>"}]}], "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=459502"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-06-27T03:05:58.874Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-326", "lang": "en", "description": "CWE-326 Inadequate Encryption Strength"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-21T15:55:16.520252Z", "id": "CVE-2024-38277", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-04T16:50:08.214Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:25.111Z"}, "title": "CVE Program Container", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=459502", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=459502", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:25.111Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-38277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-21T15:55:16.520252Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T15:55:21.645Z"}}], "cna": {"title": "moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys", "affected": [{"vendor": "Moodle", "product": "Moodle", "versions": [{"status": "affected", "version": "4.4", "versionType": "semver"}, {"status": "affected", "version": "4.3", "versionType": "semver", "lessThanOrEqual": "4.3.4"}, {"status": "affected", "version": "4.2", "versionType": "semver", "lessThanOrEqual": "4.2.7"}, {"status": "affected", "version": "4.1", "versionType": "semver", "lessThanOrEqual": "4.1.10"}], "defaultStatus": "unaffected"}], "datePublic": "2024-06-18T17:00:00.000Z", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=459502"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"}], "descriptions": [{"lang": "en", "value": "A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.", "supportingMedia": [{"type": "text/html", "value": "<pre><pre><pre>A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.</pre></pre></pre><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-324", "description": "CWE-324"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-06-27T03:05:58.874Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38277", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:53:03.298Z", "dateReserved": "2024-06-12T14:08:44.048Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-06-18T19:49:52.092Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CC28E6E-1BB0-46D9-A9BC-49E098ED1EA7", "versionEndExcluding": "4.1.11", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EF79A9A-E117-44AF-BA6B-DC9620FDA8CE", "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E990456-42CD-4B17-8A62-1F2ACF3B0678", "versionEndExcluding": "4.3.5", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "23575814-D590-4CDA-880B-E7214A53D7F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two."}, {"lang": "es", "value": "Se debe generar una clave \u00fanica para la clave de inicio de sesi\u00f3n QR de un usuario y su clave de inicio de sesi\u00f3n autom\u00e1tico, de modo que la misma clave no se pueda usar indistintamente entre las dos."}], "id": "CVE-2024-38277", "lastModified": "2025-08-07T17:24:28.743", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-18T20:15:14.210", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"}, {"source": "patrick@puiterwijk.org", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"}, {"source": "patrick@puiterwijk.org", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=459502"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=459502"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-324"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-326"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}