Automatically generated suggestions

CVE-2023-28329
Severity: 6.3 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): LOW; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): LOW
Created: 1 month ago
Title: Moodle: authenticated sql injection via availability check
Description: Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Affected: moodle <4.1.2, <3.9.20, <4.0.7, <3.11.13
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-30943
Severity: 6.5 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): NONE; Integrity impact (I): HIGH; Availability impact (A): NONE
Created: 1 month ago
Title: Moodle: tinymce loaders susceptible to arbitrary folder creation
Description: The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
Affected: moodle <4.1.3
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-28332
Created: 1 month ago
Title: Moodle: algebra filter xss when filter is misconfigured
Description: If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk.
Affected: moodle <3.9.20, <4.1.2, <4.0.7, <3.11.13
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-28333
Severity: 9.8 CRITICAL (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
Created: 1 month ago
Title: Moodle: pix helper potential mustache code injection risk
Description: The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: this did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Affected: moodle <3.9.20, <4.1.2, <4.0.7, <3.11.13
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-5545
Severity: 3.3 LOW (CVSS version: 3.1)
Vector: Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
Created: 1 month ago
Title: Moodle: auto-populated h5p author name causes a potential information leak
Description: H5P metadata automatically populated the author with the user's username, which could be sensitive information.
Affected: moodle <4.1.6, <3.11.17, <4.0.11, <3.9.24, <4.2.3
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-28335
Severity: 8.8 HIGH (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): HIGH; Integrity impact (I): HIGH; Availability impact (A): HIGH
Created: 1 month ago
Title: Moodle: csrf risk in resetting all templates of a database activity
Description: The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Affected: moodle <4.1.2
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-5550
Severity: 6.5 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): NONE
Created: 1 month ago
Title: Moodle: rce due to lfi risk in some misconfigured shared hosting environments
Description: In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
Affected: moodle <4.1.6, <3.11.17, <4.0.11, <3.9.24, <4.2.3
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-1402
Created: 1 month ago
Title: Moodle: course participation report shows roles the user should not see
Description: The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
Affected: moodle <3.9.20, <4.1.2, <4.0.7, <3.11.13
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-5542
Severity: 3.3 LOW (CVSS version: 3.1)
Vector: Attack vector (AV): LOCAL; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): REQUIRED; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): NONE; Availability impact (A): NONE
Created: 1 month ago
Title: Moodle: students can view other users in "only see own membership" groups
Description: Students in "Only see own membership" groups could see other students in the group, which should be hidden.
Affected: moodle ==4.2.2
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)

CVE-2023-5544
Severity: 6.5 MEDIUM (CVSS version: 3.1)
Vector: Attack vector (AV): NETWORK; Attack complexity (AC): LOW; Privileges required (PR): NONE; User interaction (UI): NONE; Scope (S): UNCHANGED; Confidentiality impact (C): LOW; Integrity impact (I): LOW; Availability impact (A): NONE
Created: 1 month ago
Title: Moodle: stored xss and potential idor risk in wiki comments
Description: Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and a potential IDOR risk.
Affected: moodle <4.1.6, <3.11.17, <4.0.11, <3.9.24, <4.2.3
Packages:
  pkgs.moodle (Free and open-source learning management system (LMS) written in PHP): nixos-unstable ???, nixpkgs-unstable 5.0.2
  pkgs.moodle-dl (Moodle downloader that downloads course content fast from Moodle): nixos-unstable ???, nixpkgs-unstable 2.3.13
Package maintainers (2): @freezeboy (freezeboy), @kmein (Kierán Meinhardt <kmein@posteo.de>)