CVE-2024-3932 – A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build …

18 April 2024

Vuln ID: CVE-2024-3932

Published: 2024-04-18 00:15:08.033

Description: A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Base Score: 4.3 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Source: NVD.NIST.GOV

Date:

18 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Dropbox dropped the ball on security, haemorrhaging customer and third-party info2 May 2024
Block accused of mass compliance failures that saw digi-dollars reach terrorists2 May 2024
Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer1 May 2024
Cyberattack against United Russia claimed by Ukraine1 May 2024
US jails former NSA employee for attempting secret sale to Russia1 May 2024