CVE-2024-43428 is a vulnerability identified in Moodle, a widely used open-source learning management system. The issue stems from inadequate validation of data stored locally, which can lead to cache poisoning attacks. Cache poisoning in this context means an attacker can manipulate cached data, causing the system to serve malicious or incorrect information. The vulnerability affects Moodle versions 0, 4.2, 4.3, and 4.4. According to the CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), the attack requires local access (AV:L) but no privileges (PR:N) or user interaction (UI:N), and it impacts confidentiality and integrity severely (C:H/I:H) without affecting availability (A:N). The vulnerability is classified under CWE-345, which involves insufficient verification of data authenticity, indicating that Moodle did not properly validate local storage data before use. This flaw could allow attackers to inject malicious data into the cache, potentially leading to unauthorized data disclosure or modification. Although no exploits have been reported in the wild, the risk remains significant due to the high impact on confidentiality and integrity. The vulnerability was reserved in August 2024 and published in November 2024. No official patch links are provided in the data, but remediation would involve updating Moodle to versions that include enhanced validation of local storage data to prevent cache poisoning.

The primary impact of CVE-2024-43428 is the compromise of confidentiality and integrity of data within Moodle installations. Attackers with local access could poison the cache, causing the system to serve manipulated or malicious content. This could lead to unauthorized disclosure of sensitive educational data, alteration of course materials, grades, or user information, undermining trust in the platform. Although availability is not affected, the integrity and confidentiality breaches can have severe consequences for educational institutions, students, and staff relying on Moodle for critical learning activities. The requirement for local access limits the attack surface but does not eliminate risk, especially in environments where multiple users share systems or where attackers can gain local footholds through other means. The absence of known exploits in the wild suggests limited current exploitation but does not preclude future attacks. Organizations worldwide using affected Moodle versions are at risk, particularly those with less stringent local access controls or outdated software.

To mitigate CVE-2024-43428, organizations should: 1) Immediately identify and inventory Moodle installations running affected versions (0, 4.2, 4.3, 4.4). 2) Apply official patches or updates from Moodle that address local storage validation and cache poisoning. If patches are not yet available, consider temporary workarounds such as restricting local access to Moodle servers and enforcing strict user permissions. 3) Harden local system security to prevent unauthorized local access, including using endpoint protection, limiting user privileges, and monitoring for suspicious activity. 4) Conduct regular audits of Moodle cache and local storage data integrity to detect anomalies. 5) Educate system administrators and users about the risks of local access vulnerabilities and enforce strong authentication and access controls. 6) Monitor Moodle security advisories and CVE databases for updates or exploit reports. 7) Consider network segmentation to isolate Moodle servers from less trusted local users. These steps go beyond generic advice by focusing on local access control hardening and proactive monitoring of cache integrity.