Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: moodle

Found 64 matching suggestions

View:
Compact
Detailed
Accepted
Permalink CVE-2024-48898
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: some users can delete audiences of other reports

A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.

References

Affected products

moodle
  • <4.2.11
  • <4.1.0
  • <4.3.8
  • <4.4.4
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Accepted
Permalink CVE-2024-48900
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: idor when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

References

Affected products

moodle
  • <4.4.4

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Accepted
Permalink CVE-2024-48901
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: idor when fetching report schedules

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

References

Affected products

moodle
  • <4.3.8
  • <4.4.4
  • <4.2.11
  • <4.1.0
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Accepted
Permalink CVE-2024-48899
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: idor when accessing list of course badges

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

References

Affected products

moodle
  • <4.4.4

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers