Search for vulnerabilities
Vulnerability details: VCID-mm23-vgkg-hbdm
Vulnerability ID VCID-mm23-vgkg-hbdm
Aliases CVE-2024-38277
GHSA-r82w-3phg-qvr4
Summary Moodle uses the same key for QR login and auto-login A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-324 Use of a Key Past its Expiration Date
CWE-326 Inadequate Encryption Strength
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-38277
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-38277
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r82w-3phg-qvr4
cvssv3.1 6.5 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 6.5 https://github.com/moodle/moodle/commit/0caedaab7cd5a46331d56654ce9301b0a5a04c56
generic_textual MODERATE https://github.com/moodle/moodle/commit/0caedaab7cd5a46331d56654ce9301b0a5a04c56
cvssv3.1 6.5 https://github.com/moodle/moodle/commit/1aea4a15281d81f2414a95aa485b8a6551708f57
generic_textual MODERATE https://github.com/moodle/moodle/commit/1aea4a15281d81f2414a95aa485b8a6551708f57
cvssv3.1 6.5 https://github.com/moodle/moodle/commit/ad46a97f5355f0451d52e9f1a0f528d9a6f12e06
generic_textual MODERATE https://github.com/moodle/moodle/commit/ad46a97f5355f0451d52e9f1a0f528d9a6f12e06
cvssv3.1 6.5 https://github.com/moodle/moodle/commit/d05795db8eece2943241a29a5443fb4685ba6070
generic_textual MODERATE https://github.com/moodle/moodle/commit/d05795db8eece2943241a29a5443fb4685ba6070
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
cvssv3.1 5.4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
cvssv3.1 5.4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
cvssv3.1 5.4 https://moodle.org/mod/forum/discuss.php?d=459502
cvssv3.1 6.5 https://moodle.org/mod/forum/discuss.php?d=459502
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=459502
ssvc Track https://moodle.org/mod/forum/discuss.php?d=459502
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-38277
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-38277
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-38277
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/0caedaab7cd5a46331d56654ce9301b0a5a04c56
https://github.com/moodle/moodle/commit/1aea4a15281d81f2414a95aa485b8a6551708f57
https://github.com/moodle/moodle/commit/ad46a97f5355f0451d52e9f1a0f528d9a6f12e06
https://github.com/moodle/moodle/commit/d05795db8eece2943241a29a5443fb4685ba6070
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
https://moodle.org/mod/forum/discuss.php?d=459502
https://nvd.nist.gov/vuln/detail/CVE-2024-38277
F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
GHSA-r82w-3phg-qvr4 https://github.com/advisories/GHSA-r82w-3phg-qvr4
GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/0caedaab7cd5a46331d56654ce9301b0a5a04c56
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/1aea4a15281d81f2414a95aa485b8a6551708f57
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/ad46a97f5355f0451d52e9f1a0f528d9a6f12e06
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/d05795db8eece2943241a29a5443fb4685ba6070
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-21T15:55:16Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-21T15:55:16Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=459502
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=459502
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-21T15:55:16Z/ Found at https://moodle.org/mod/forum/discuss.php?d=459502
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-38277
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.28165
EPSS Score 0.00098
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:11:06.581713+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-r82w-3phg-qvr4/GHSA-r82w-3phg-qvr4.json 36.1.3