Affected versions (each branch lists every x.y.1 point release from x.0.1 up to the last unfixed release):
13.0.1 through 13.45.1
14.0.1 through 14.37.1
15.0.1 through 15.32.1
16.0.1 through 16.26.1
17.0.1 through 17.20.1
18.0.1 through 18.7.1
A cross-site request forgery (CSRF) vulnerability has been identified in the user selector of Totara LMS. It affects the 13, 14, 15, 16, 17 and 18 branches up to and including 13.45, 14.37, 15.32, 16.26, 17.20 and 18.7. Because the affected request lacked anti-forgery protection, an attacker who lures an authenticated user to a page under the attacker's control can make that user's browser submit a request the user never intended. The advisory does not identify the exact code path inside the user selector. Upgrading to 13.46, 14.38, 15.33, 16.27, 17.21 or 18.8 resolves the issue.
Successful exploitation of CVE-2024-3932 lets an attacker perform actions as the victim within the Totara LMS environment. Which actions depends on the victim's role; for an administrator this could include changes to user accounts or assignments made through the user selector. Two preconditions apply: the victim must hold an active Totara session, and the attacker must get the victim's browser to issue the forged request (for example by luring them to an attacker-controlled page), which is why exploitation is rated as high complexity and the immediate risk as limited. Public disclosure nonetheless gives attackers the information needed to attempt it. The blast radius is bounded by the victim's permissions within the LMS; the attacker gains no session of their own.
Details of the vulnerability are public, which raises the likelihood that exploitation will be attempted. The CVSS severity is LOW, reflecting the high attack complexity (a victim must be authenticated and tricked into issuing the request); CVSS measures severity, not the probability of exploitation. No active campaigns or CISA KEV listing are associated with this CVE at the time of writing, although public availability of the details could change that. The vulnerability was published on 2024-04-18.
Exploit status: EPSS 0.05% (15th percentile). No CISA SSVC decision or CVSS vector string is given on this page.
The primary mitigation for CVE-2024-3932 is to upgrade Totara LMS to a fixed release (13.46, 14.38, 15.33, 16.27, 17.21 or 18.8, or later on the same branch). Input validation and output encoding do not address CSRF: the forged request is well-formed and arrives with the victim's legitimate session cookie. If an immediate upgrade is not feasible, interim controls that do reduce exposure are: set the SameSite attribute (Lax or Strict) on the session cookie so browsers withhold it on cross-site POSTs; reject state-changing requests whose Origin header (or, failing that, Referer) does not match the site's own origin, which can be enforced at a reverse proxy in front of the LMS; and confirm that every state-changing action reachable through the user selector requires a per-session anti-forgery token. After upgrading, verify the fix by loading a page on an attacker-controlled origin that auto-submits a request to the user selector while logged in to Totara in the same browser, and confirming the request is rejected rather than acted on.
Upgrade Totara LMS to version 13.46, 14.38, 15.33, 16.27, 17.21 or 18.8, or a later release on the same branch. These releases correct the cross-site request forgery (CSRF) vulnerability in the user selector. Create a backup before upgrading.
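As an added illustration (example code written for this page, not Totara's own code), the following Python model contrasts a handler that trusts the session cookie alone, which is the pattern CSRF exploits, with one that also applies the interim controls above: a SameSite session cookie, an Origin/Referer check that fails closed, and a session-bound anti-forgery token compared in constant time. The site origin, cookie name, form field name and the requests themselves are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumptions for this example: the site is served from SITE_ORIGIN, the
# session cookie is named "SESSIONID" and the anti-forgery token travels in a
# form field named "sesskey". None of these names are taken from Totara.
SITE_ORIGIN = "https://lms.example.org"
SESSION_COOKIE = "SESSIONID"
TOKEN_FIELD = "sesskey"

# Per-process secret; a real deployment keeps this in its secret store.
SERVER_SECRET = secrets.token_bytes(32)

# Constructed session table: session id -> user id.
SESSIONS = {"s-admin-1": "admin"}


@dataclass
class Request:
    """Minimal HTTP request model for the checks below."""
    method: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


def csrf_token_for(session_id: str) -> str:
    """Derive a session-bound token: HMAC(secret, session id).

    Binding to the session means a token captured from one session is
    useless against another, and the server need not store tokens.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value with SameSite=Lax: browsers then withhold the cookie
    on cross-site POSTs, so a forged form submission arrives unauthenticated."""
    return f"{SESSION_COOKIE}={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def request_origin(req: Request):
    """Origin header if present, else the origin part of Referer, else None."""
    origin = req.headers.get("Origin")
    if origin:
        return origin
    referer = req.headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def check_session_only(req: Request):
    """The CSRF-prone pattern: a state-changing handler that trusts the
    request solely because a valid session cookie came with it."""
    sid = req.cookies.get(SESSION_COOKIE)
    if sid in SESSIONS:
        return True, f"acting as {SESSIONS[sid]}"
    return False, "no session"


def check_csrf(req: Request):
    """Hardened check: session, then source origin, then session-bound token.
    Returns (accepted, reason) and fails closed on anything missing."""
    if req.method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method (must not change state)"
    sid = req.cookies.get(SESSION_COOKIE)
    if sid not in SESSIONS:
        return False, "no authenticated session"
    origin = request_origin(req)
    if origin is None:
        return False, "missing Origin and Referer"
    if origin != SITE_ORIGIN:
        return False, f"cross-site request from {origin}"
    presented = req.form.get(TOKEN_FIELD, "")
    # Constant-time compare on bytes; a plain == would leak timing and
    # compare_digest on str raises on non-ASCII input.
    if not hmac.compare_digest(presented.encode(), csrf_token_for(sid).encode()):
        return False, "missing or invalid anti-forgery token"
    return True, f"acting as {SESSIONS[sid]}"


# Constructed requests (not captured traffic).
COOKIE = {SESSION_COOKIE: "s-admin-1"}
ACTION = {"action": "add", "userid": "42"}

LEGIT = Request("POST", {"Origin": SITE_ORIGIN},
                {**ACTION, TOKEN_FIELD: csrf_token_for("s-admin-1")}, COOKIE)
# A page on attacker.example auto-submits the same form: the browser attaches
# the cookie (when it lacks SameSite) but cannot forge Origin or the token.
FORGED = Request("POST", {"Origin": "https://attacker.example"}, dict(ACTION), COOKIE)
FORGED_STALE = Request("POST", {"Origin": SITE_ORIGIN},
                       {**ACTION, TOKEN_FIELD: csrf_token_for("s-other")}, COOKIE)
NO_SOURCE = Request("POST", {}, dict(ACTION), COOKIE)
VIA_REFERER = Request("POST", {"Referer": SITE_ORIGIN + "/admin/users"},
                      {**ACTION, TOKEN_FIELD: csrf_token_for("s-admin-1")}, COOKIE)


if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("forged", FORGED), ("stale", FORGED_STALE),
                      ("no-source", NO_SOURCE), ("referer", VIA_REFERER)]:
        print(f"{name:10} session-only={check_session_only(req)[0]!s:5} "
              f"hardened={check_csrf(req)}")
```

Two caveats a practitioner should keep in mind: SameSite=Lax still sends the cookie on top-level GET navigations, so state changes must never be reachable via GET; and the origin check fails closed when both Origin and Referer are absent, which is the right default because modern browsers send Origin on cross-site POSTs, while some privacy tools strip Referer and would otherwise let a forged request through.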
CVE-2024-3932 is a cross-site request forgery vulnerability in the user selector of Totara LMS 13.x through 18.x (up to 13.45, 14.37, 15.32, 16.26, 17.20 and 18.7) that lets an attacker cause actions to be performed as a logged-in user.
You are affected if you run any of those versions. Upgrade to 13.46, 14.38, 15.33, 16.27, 17.21 or 18.8 (or later on the same branch) to remove the risk.
Upgrade to a fixed release. As interim measures, set SameSite on the session cookie and enforce Origin/Referer checks on state-changing requests; input validation does not mitigate CSRF.
While no active campaigns are confirmed, the vulnerability has been publicly disclosed, increasing the potential for exploitation.
Refer to the Totara LMS security advisory page for the latest information and updates: [https://totaralms.com/security/](https://totaralms.com/security/)