NIXPKGS-2026-0039

published on

Permalink CVE-2025-62393

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 months, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 4 months, 2 weeks ago
@LeSuisse removed package moodle-dl 2 months, 3 weeks ago
@LeSuisse removed maintainer @freezeboy 2 months, 3 weeks ago
@LeSuisse accepted 2 months, 3 weeks ago
@LeSuisse published on GitHub 2 months, 3 weeks ago

Moodle: course access permissions not properly checked in course_output_fragment_course_overview

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.

References

https://access.redhat.com/security/cve/CVE-2025-62393 x_refsource_REDHATvdb-entry
RHBZ#2404426 issue-trackingx_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=470381

Affected products

moodle

<5.0.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.0.2
- nixpkgs-unstable 5.0.2
- nixos-unstable-small 5.0.2

Package maintainers

Ignored maintainers (1)

@freezeboy freezeboy

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0039

References

Affected products

Matching in nixpkgs

pkgs.moodle

Package maintainers