Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Accepted
Permalink CVE-2024-48901
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: idor when fetching report schedules

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

References

Affected products

moodle
  • <4.3.8
  • <4.4.4
  • <4.2.11
  • <4.1.0
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers