CVE-2024-43427 is a security vulnerability identified in the Moodle learning management system affecting versions 0, 4.2, 4.3, and 4.4. The flaw arises during the export process of site administration presets, where certain sensitive secrets and cryptographic keys are not properly excluded from the exported data. This oversight can lead to the unintentional disclosure of confidential credentials if the exported presets are shared with third parties, potentially exposing sensitive configuration details. The vulnerability is categorized under CWE-922, which relates to improper restriction of sensitive information in exported data. The CVSS 3.1 base score is 3.7 (low severity), with vector AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that the vulnerability can be exploited remotely without authentication or user interaction but requires high attack complexity. The impact is limited to confidentiality loss, with no effect on integrity or availability. No public exploits have been reported so far. The vulnerability was published on November 11, 2024, and assigned by the Fedora security team. Since no patch links are currently available, administrators should exercise caution when exporting site presets and sharing them externally.

The primary impact of CVE-2024-43427 is the potential leakage of sensitive secrets and keys contained within Moodle site administration presets. If these presets are shared with unauthorized third parties, attackers could gain access to confidential configuration data, which might facilitate further attacks such as unauthorized access or privilege escalation. However, the vulnerability does not directly allow system compromise, code execution, or denial of service. The scope is limited to confidentiality, and exploitation requires the export and external sharing of presets, which reduces the likelihood of widespread impact. Organizations relying on Moodle for educational or training purposes could face data confidentiality risks, especially if they handle sensitive user or institutional data. The absence of known exploits and the high attack complexity further reduce immediate risk, but the exposure of secrets could have long-term security implications if leveraged by attackers.

Until an official patch is released, organizations should implement the following mitigations: 1) Avoid exporting site administration presets unless absolutely necessary; 2) If export is required, thoroughly review the exported files to identify and remove any sensitive secrets or keys before sharing; 3) Restrict access to exported preset files to trusted personnel only; 4) Implement strict access controls and monitoring around Moodle administrative functions to detect unauthorized export attempts; 5) Regularly audit Moodle configurations and secrets to ensure they are not inadvertently exposed; 6) Stay informed about Moodle security advisories for updates or patches addressing this vulnerability; 7) Consider isolating the Moodle administrative environment to minimize exposure; 8) Educate administrators about the risks of sharing exported presets and enforce policies to prevent accidental leaks.