Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: moodle-dl

Found 55 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2024-25982
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 11 months, 3 weeks ago
Msa-24-0005: csrf risk in language import utility

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

References

Affected products

4.2.6
  • ==and 4.1.9
moodle
  • <4.3.3
  • <4.1.9
  • <4.2.6
  • ==4.3.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2024-43437
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 1 month ago
Moodle: xss risk when restoring malicious course backup file

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.

Affected products

moodle
  • <4.2.9
  • <4.3.6
  • <4.1.12
  • <4.4.2

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2023-28331
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 1 month ago
Moodle: xss risk when outputting database activity filter data

Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.

References

Affected products

moodle
  • <4.1.2
  • <4.0.7
  • <3.11.13
  • <3.9.20

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2024-43428
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 year, 2 months ago
Moodle: cache poisoning via injection into storage

To address a cache poisoning risk in Moodle, additional validation for local storage was required.

Affected products

moodle
  • <4.1.12
  • <4.3.6
  • <4.4.2
  • <4.2.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers

Untriaged
Permalink CVE-2024-43426
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 2 months ago
Moodle: arbitrary file read risk through pdftex

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.

Affected products

moodle
  • <4.1.12
  • <4.3.6
  • <4.4.2
  • <4.2.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Package maintainers