Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Accepted
Filter by:
With package: moodle

Found 9 matching suggestions

View:
Compact
Detailed
Permalink CVE-2024-45691
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @LeSuisse accepted 1 year, 4 months ago
Moodle: lesson activity password bypass through php loose comparison

A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values.

References

Affected products

moodle
  • <4.3.7
  • <4.1.13
  • <4.2.10
  • <4.4.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Permalink CVE-2024-45689
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @LeSuisse accepted 1 year, 4 months ago
Moodle: unprotected access to sensitive information via dynamic tables

A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.

References

Affected products

moodle
  • <4.3.7
  • <4.2.10
  • <4.1.13
  • <4.4.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Permalink CVE-2024-45690
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @LeSuisse accepted 1 year, 4 months ago
Moodle: idor when deleting oauth2 linked accounts

A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.

References

Affected products

moodle
  • <4.1.13
  • <4.4.3
  • <4.2.10
  • <4.3.7

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Permalink CVE-2024-48897
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @LeSuisse accepted 1 year, 4 months ago
Moodle: idor in edit/delete rss feed

A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.

References

Affected products

moodle
  • <4.3.8
  • <4.4.4
  • <4.2.11
  • <4.1.0
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Permalink CVE-2024-48896
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @LeSuisse accepted 1 year, 4 months ago
Moodle: users' names returned in messaging error message

A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

References

Affected products

moodle
  • <4.3.8
  • <4.4.4
  • <4.2.11
  • <4.1.0
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Permalink CVE-2024-48898
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: some users can delete audiences of other reports

A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.

References

Affected products

moodle
  • <4.2.11
  • <4.1.0
  • <4.3.8
  • <4.4.4
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Permalink CVE-2024-48900
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: idor when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.

References

Affected products

moodle
  • <4.4.4

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Permalink CVE-2024-48901
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: idor when fetching report schedules

A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

References

Affected products

moodle
  • <4.3.8
  • <4.4.4
  • <4.2.11
  • <4.1.0
  • <4.1.14

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Permalink CVE-2024-48899
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year, 4 months ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 4 months ago
  • @fricklerhandwerk accepted 1 year, 4 months ago
Moodle: idor when accessing list of course badges

A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.

References

Affected products

moodle
  • <4.4.4

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers