Nixpkgs security tracker

Untriaged

Permalink CVE-2025-3634

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 6 months, 3 weeks ago

Moodle: moodle allows course self-enrolment before completing mfa

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

References

https://access.redhat.com/security/cve/CVE-2025-3634 x_refsource_REDHATvdb-entry
RHBZ#2359707 issue-trackingx_refsource_REDHAT

Affected products

moodle

<4.4.8
<4.3.12
<4.5.4

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable -
- nixpkgs-unstable 5.0.2

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable -
- nixpkgs-unstable 2.3.13

Package maintainers