What is CVE-2024-3932 — CSRF in Totara LMS?

CVE-2024-3932 is a cross-site request forgery vulnerability affecting Totara LMS versions up to 18.7, allowing attackers to potentially perform actions as a logged-in user.

Am I affected by CVE-2024-3932 in Totara LMS?

You are affected if you are running Totara LMS versions 18.7 or earlier. Upgrade to version 18.8 to mitigate the risk.

How do I fix CVE-2024-3932 in Totara LMS?

Upgrade Totara LMS to version 18.8 or later. Consider implementing CSRF tokens and input validation as interim measures.

Is CVE-2024-3932 being actively exploited?

While no active campaigns are confirmed, the vulnerability has been publicly disclosed, increasing the potential for exploitation.

Where can I find the official Totara LMS advisory for CVE-2024-3932?

Refer to the Totara LMS security advisory page for the latest information and updates: [https://totaralms.com/security/](https://totaralms.com/security/)

LOWCVE-2024-3932CVSS 3.1

Totara LMS User Selector cross-site request forgery

Platform

php

Component

totara-lms

Opgelost in

Getroffen Software

Componenttotara-lms

LeverancierTotara

Getroffen bereikOpgelost in

13.0 – 13.013.0.1

13.1 – 13.113.1.1

13.2 – 13.213.2.1

13.3 – 13.313.3.1

13.4 – 13.413.4.1

13.5 – 13.513.5.1

13.6 – 13.613.6.1

13.7 – 13.713.7.1

13.8 – 13.813.8.1

13.9 – 13.913.9.1

13.10 – 13.1013.10.1

13.11 – 13.1113.11.1

13.12 – 13.1213.12.1

13.13 – 13.1313.13.1

13.14 – 13.1413.14.1

13.15 – 13.1513.15.1

13.16 – 13.1613.16.1

13.17 – 13.1713.17.1

13.18 – 13.1813.18.1

13.19 – 13.1913.19.1

13.20 – 13.2013.20.1

13.21 – 13.2113.21.1

13.22 – 13.2213.22.1

13.23 – 13.2313.23.1

13.24 – 13.2413.24.1

13.25 – 13.2513.25.1

13.26 – 13.2613.26.1

13.27 – 13.2713.27.1

13.28 – 13.2813.28.1

13.29 – 13.2913.29.1

13.30 – 13.3013.30.1

13.31 – 13.3113.31.1

13.32 – 13.3213.32.1

13.33 – 13.3313.33.1

13.34 – 13.3413.34.1

13.35 – 13.3513.35.1

13.36 – 13.3613.36.1

13.37 – 13.3713.37.1

13.38 – 13.3813.38.1

13.39 – 13.3913.39.1

13.40 – 13.4013.40.1

13.41 – 13.4113.41.1

13.42 – 13.4213.42.1

13.43 – 13.4313.43.1

13.44 – 13.4413.44.1

13.45 – 13.4513.45.1

14.0 – 14.014.0.1

14.1 – 14.114.1.1

14.2 – 14.214.2.1

14.3 – 14.314.3.1

14.4 – 14.414.4.1

14.5 – 14.514.5.1

14.6 – 14.614.6.1

14.7 – 14.714.7.1

14.8 – 14.814.8.1

14.9 – 14.914.9.1

14.10 – 14.1014.10.1

14.11 – 14.1114.11.1

14.12 – 14.1214.12.1

14.13 – 14.1314.13.1

14.14 – 14.1414.14.1

14.15 – 14.1514.15.1

14.16 – 14.1614.16.1

14.17 – 14.1714.17.1

14.18 – 14.1814.18.1

14.19 – 14.1914.19.1

14.20 – 14.2014.20.1

14.21 – 14.2114.21.1

14.22 – 14.2214.22.1

14.23 – 14.2314.23.1

14.24 – 14.2414.24.1

14.25 – 14.2514.25.1

14.26 – 14.2614.26.1

14.27 – 14.2714.27.1

14.28 – 14.2814.28.1

14.29 – 14.2914.29.1

14.30 – 14.3014.30.1

14.31 – 14.3114.31.1

14.32 – 14.3214.32.1

14.33 – 14.3314.33.1

14.34 – 14.3414.34.1

14.35 – 14.3514.35.1

14.36 – 14.3614.36.1

14.37 – 14.3714.37.1

15.0 – 15.015.0.1

15.1 – 15.115.1.1

15.2 – 15.215.2.1

15.3 – 15.315.3.1

15.4 – 15.415.4.1

15.5 – 15.515.5.1

15.6 – 15.615.6.1

15.7 – 15.715.7.1

15.8 – 15.815.8.1

15.9 – 15.915.9.1

15.10 – 15.1015.10.1

15.11 – 15.1115.11.1

15.12 – 15.1215.12.1

15.13 – 15.1315.13.1

15.14 – 15.1415.14.1

15.15 – 15.1515.15.1

15.16 – 15.1615.16.1

15.17 – 15.1715.17.1

15.18 – 15.1815.18.1

15.19 – 15.1915.19.1

15.20 – 15.2015.20.1

15.21 – 15.2115.21.1

15.22 – 15.2215.22.1

15.23 – 15.2315.23.1

15.24 – 15.2415.24.1

15.25 – 15.2515.25.1

15.26 – 15.2615.26.1

15.27 – 15.2715.27.1

15.28 – 15.2815.28.1

15.29 – 15.2915.29.1

15.30 – 15.3015.30.1

15.31 – 15.3115.31.1

15.32 – 15.3215.32.1

16.0 – 16.016.0.1

16.1 – 16.116.1.1

16.2 – 16.216.2.1

16.3 – 16.316.3.1

16.4 – 16.416.4.1

16.5 – 16.516.5.1

16.6 – 16.616.6.1

16.7 – 16.716.7.1

16.8 – 16.816.8.1

16.9 – 16.916.9.1

16.10 – 16.1016.10.1

16.11 – 16.1116.11.1

16.12 – 16.1216.12.1

16.13 – 16.1316.13.1

16.14 – 16.1416.14.1

16.15 – 16.1516.15.1

16.16 – 16.1616.16.1

16.17 – 16.1716.17.1

16.18 – 16.1816.18.1

16.19 – 16.1916.19.1

16.20 – 16.2016.20.1

16.21 – 16.2116.21.1

16.22 – 16.2216.22.1

16.23 – 16.2316.23.1

16.24 – 16.2416.24.1

16.25 – 16.2516.25.1

16.26 – 16.2616.26.1

17.0 – 17.017.0.1

17.1 – 17.117.1.1

17.2 – 17.217.2.1

17.3 – 17.317.3.1

17.4 – 17.417.4.1

17.5 – 17.517.5.1

17.6 – 17.617.6.1

17.7 – 17.717.7.1

17.8 – 17.817.8.1

17.9 – 17.917.9.1

17.10 – 17.1017.10.1

17.11 – 17.1117.11.1

17.12 – 17.1217.12.1

17.13 – 17.1317.13.1

17.14 – 17.1417.14.1

17.15 – 17.1517.15.1

17.16 – 17.1617.16.1

17.17 – 17.1717.17.1

17.18 – 17.1817.18.1

17.19 – 17.1917.19.1

17.20 – 17.2017.20.1

18.0 – 18.018.0.1

18.1 – 18.118.1.1

18.2 – 18.218.2.1

18.3 – 18.318.3.1

18.4 – 18.418.4.1

18.5 – 18.518.5.1

18.6 – 18.618.6.1

18.7 – 18.718.7.1

Totara LMS User Selector cross-site request forgery

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpen

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2024-3932 — CSRF in Totara LMS?

Am I affected by CVE-2024-3932 in Totara LMS?

How do I fix CVE-2024-3932 in Totara LMS?

Is CVE-2024-3932 being actively exploited?

Where can I find the official Totara LMS advisory for CVE-2024-3932?

Is jouw project getroffen?