CVE-2024-38277
Published: 18 June 2024
Summary
CVE-2024-38277 is a medium-severity Use of a Key Past its Expiration Date (CWE-324) vulnerability in Moodle Moodle. Its CVSS base score is 5.4 (Medium).
Operationally, ranked at the 40.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2156
Vulnerability details
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Key-management requirements enforce lifecycle controls that prevent continued use of expired or superseded keys.
Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength.
Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.
Specifies required cryptography types and parameters, preventing selection of inadequate encryption strength.
Prompt patching corrects inadequate encryption strength when vendors release updates that increase key sizes or algorithm security.