Nixpkgs Security Tracker

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Accepted suggestions

to create a Nixpkgs security record and open a GitHub issue for tracking resolution. This action will notify maintainers and package subscribers, and cannot be revoked.

to remove a suggestion from the queue.

Permalink CVE-2024-48899

updated 1 year, 1 month ago by @fricklerhandwerk Activity log

Created automatic suggestion 1 year, 1 month ago
@fricklerhandwerk accepted 1 year, 1 month ago

Moodle: idor when accessing list of course badges

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

Affected products

moodle

<4.4.4

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 4.4.3
- nixpkgs-unstable 4.4.3
- nixos-unstable-small 4.4.4

Package maintainers

@freezeboy freezeboy