Nixpkgs security tracker

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

With package: moodle

Found 64 matching suggestions

Untriaged
CVE-2024-25982
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 11 months, 2 weeks ago
MSA-24-0005: CSRF risk in language import utility

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

Affected products

4.2.6
  • ==and 4.1.9
moodle
  • <4.3.3
  • <4.1.9
  • <4.2.6
  • ==4.3.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Untriaged
CVE-2024-43437
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 1 month ago
Moodle: XSS risk when restoring malicious course backup file

A flaw was found in Moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.

Affected products

moodle
  • <4.2.9
  • <4.3.6
  • <4.1.12
  • <4.4.2

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Untriaged
CVE-2023-28331
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 1 month ago
Moodle: XSS risk when outputting database activity filter data

Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.

Affected products

moodle
  • <4.1.2
  • <4.0.7
  • <3.11.13
  • <3.9.20

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Untriaged
CVE-2024-43428
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 1 year, 2 months ago
Moodle: cache poisoning via injection into storage

To address a cache poisoning risk in Moodle, additional validation for local storage was required.

Affected products

moodle
  • <4.1.12
  • <4.3.6
  • <4.4.2
  • <4.2.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Untriaged
CVE-2024-43426
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 1 year, 2 months ago
Moodle: arbitrary file read risk through pdfTeX

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.

Affected products

moodle
  • <4.1.12
  • <4.3.6
  • <4.4.2
  • <4.2.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

Accepted
CVE-2024-45691
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse accepted
Moodle: lesson activity password bypass through PHP loose comparison

A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.

Affected products

moodle
  • <4.3.7
  • <4.1.13
  • <4.2.10
  • <4.4.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Accepted
CVE-2024-45689
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse accepted
Moodle: unprotected access to sensitive information via dynamic tables

A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.

Affected products

moodle
  • <4.3.7
  • <4.2.10
  • <4.1.13
  • <4.4.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Accepted
CVE-2024-45690
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse accepted
Moodle: IDOR when deleting OAuth2 linked accounts

A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.

Affected products

moodle
  • <4.1.13
  • <4.4.3
  • <4.2.10
  • <4.3.7

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Accepted
CVE-2024-48897
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse accepted
Moodle: IDOR in edit/delete RSS feed

A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.

Affected products

moodle
  • <4.3.8
  • <4.4.4
  • <4.2.11
  • <4.1.0
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Accepted
CVE-2024-48896
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse accepted
Moodle: users' names returned in messaging error message

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

Affected products

moodle
  • <4.3.8
  • <4.4.4
  • <4.2.11
  • <4.1.0
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP
