THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-3932

Totara LMS cross-site request forgery

Reserved:2024-04-17
Published:2024-04-18
Updated:2024-06-06

Description

EN DE

A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Es wurde eine Schwachstelle in Totara LMS 18.0.1 Build 20231128.01 entdeckt. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Beeinflussen mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.



MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
5.0AV:N/AC:L/Au:N/C:N/I:P/A:N (CVSS 2.0)

Problem types

CWE-352 Cross-Site Request Forgery

Product status

18.0.1 Build 20231128.01
affected

Timeline

2024-04-17:Advisory disclosed
2024-04-17:VulDB entry created
2024-04-17:VulDB entry last update

References

https://vuldb.com/?id.261369 (VDB-261369 | Totara LMS cross-site request forgery) vdb-entry

https://vuldb.com/?ctiid.261369 (VDB-261369 | CTI Indicators (IOB, IOC)) signature permissions-required

https://vuldb.com/?submit.314381 (Submit #314381 | Totara Totara LMS Totara 18.0.1 (Build: 20231128.01) Privileges Scalation) third-party-advisory

cve.org CVE-2024-3932

nvd.nist.gov CVE-2024-3932

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3932