Login Sign Up

CVE-2024-43428

7.7 HIGH

📋 TL;DR

This CVE addresses a cache poisoning vulnerability in Moodle that could allow attackers to manipulate locally cached data. The vulnerability affects Moodle installations where improper validation of local storage could lead to security bypass or data corruption. All Moodle users running affected versions are potentially impacted.

💻 Affected Systems

Products:
  • Moodle
Versions: Specific affected versions not specified in provided references; check Moodle security advisories
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Moodle installations with local caching enabled; exact version ranges should be verified from official Moodle security advisories

📦 What is this software?

Moodle by Moodle

View all CVEs affecting Moodle →

Moodle by Moodle

View all CVEs affecting Moodle →

Moodle by Moodle

View all CVEs affecting Moodle →

Moodle by Moodle

View all CVEs affecting Moodle →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could poison the local cache to bypass security controls, manipulate user data, or serve malicious content to legitimate users.

🟠

Likely Case

Cache manipulation leading to inconsistent application behavior, potential data integrity issues, or minor security bypasses.

🟢

If Mitigated

With proper input validation and cache controls, impact would be limited to potential performance degradation without security compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of Moodle's caching mechanisms and ability to manipulate local storage

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Moodle security releases for specific patched version

Vendor Advisory: https://moodle.org/mod/forum/discuss.php?d=461196

Restart Required: No

Instructions:

1. Check Moodle version
2. Update to latest security release
3. Verify cache validation is functioning

🔧 Temporary Workarounds

Disable local caching

all

Temporarily disable Moodle's local caching mechanism to prevent cache poisoning

Edit Moodle config.php and set $CFG->cachestores = array();

🧯 If You Can't Patch

  • Implement strict input validation for all cache operations
  • Monitor cache integrity checks and audit cache usage patterns

🔍 How to Verify

Check if Vulnerable:

Check Moodle version against security advisories; examine cache validation implementation

Check Version:

Check Moodle admin panel or version.php file

Verify Fix Applied:

Verify Moodle version is updated; test cache operations for proper validation

📡 Detection & Monitoring

Log Indicators:

  • Unusual cache access patterns
  • Failed cache validation attempts
  • Cache corruption warnings

Network Indicators:

  • Abnormal cache-related API calls
  • Unexpected cache flush operations

SIEM Query:

Search for cache-related errors or validation failures in Moodle logs

📊 Metadata

CVE ID: CVE-2024-43428
CVSS v3 Score: 7.7 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-345
Published: November 7, 2024
Last Updated: May 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43428, you might also want to check these:

CVE-2022-30315 9.8

Honeywell Experion PKS Safety Manager controllers lack cryptographic authentication for control logi...

Same vulnerability type (CWE-345)
CVE-2025-66255 9.8

This vulnerability allows unauthenticated attackers to upload malicious firmware files to Mozart FM ...

Same vulnerability type (CWE-345)
CVE-2022-26871 9.8

CVE-2022-26871 is a critical arbitrary file upload vulnerability in Trend Micro Apex Central that al...

Same vulnerability type (CWE-345)